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About This Guide 


This guide describes the functionality and usage of the Micro Focus Open Enterprise Server 2015 
(OES 2015) SP1 migration tool. This guide covers the following topics: 
+ Chapter 1, “Overview of the Migration Tools,” on page 15 
+ Chapter 2, “Overview of the Migration GUI,” on page 21 
+ Chapter 4, “What's New or Changed in the Migration Tool,” on page 39 
+ Chapter 5, “Planning for Migration,” on page 43 
+ Chapter 6, “Using the Migration Tool GUI,” on page 47 
+ Chapter 7, “Troubleshooting Issues,” on page 51 
+ Chapter 8, “Preparing for Server Migration,” on page 55 
+ Chapter 9, “Using the Migration GUI Tool,” on page 57 
+ Chapter 10, “Preparing for Transfer ID,” on page 63 
+ Chapter 11, “Using the Migration GUI Tool for Transfer ID,” on page 69 
+ Chapter 12, “Using Migration Commands for Transfer ID,” on page 77 
+ Chapter 13, “Running Transfer ID Remotely,” on page 87 
+ Chapter 14, “Post Transfer ID Migration,” on page 89 
+ Chapter 15, “Troubleshooting Issues,” on page 93 
+ Chapter 16, “Security Considerations for Data Migration,” on page 99 
+ Chapter 17, “Migrating File Systems to OES 2015 SP1,” on page 105 
+ Chapter 18, “Migrating eDirectory to OES 2015 SP1,” on page 151 
+ Chapter 19, “Migrating AFP to OES 2015 SP1,” on page 155 
+ Chapter 20, “Migrating CIFS to OES 2015 SP1,” on page 161 
+ Chapter 21, “Migrating DHCP to OES 2015 SP1,” on page 173 
+ Chapter 22, “Migrating DNS to OES 2015 SP1,” on page 187 
+ Chapter 23, “Migrating DSfW to OES 2015 SP1,” on page 193 
+ Chapter 24, “Migrating LUM to OES 2015 SP1,” on page 197 
+ Chapter 25, “Migrating FTP to OES 2015 SP1,” on page 199 
+ Chapter 26, “Migrating iFolder to OES 2015 SP1,” on page 205 
+ Chapter 27, “Migrating ¡Print to OES 2015 SP1,” on page 219 
+ Chapter 28, “Migrating NetStorage to OES 2015 SP1,” on page 247 
+ Chapter 29, “Migrating NTP to OES 2015 SP1,” on page 251 
+ Chapter 30, “Migrating NCP to OES 2015 SP1,” on page 253 
+ Chapter 31, “Migrating OpenSLP to OES 2015 SP1,” on page 255 
+ Chapter 32, “Migrating Proxy users to OES 2015 SP1,” on page 257 


About This Guide 


Audience 


This guide is intended for network administrators, installers, and consultants who are involved in 
migrating data and services to OES 2015 SP1. 


Feedback 


We want to hear your comments and suggestions about this manual and the other documentation 
included with this product. Please use the User Comments feature at the bottom of each page of the 
online documentation. 


Documentation Updates 


For the most recent version of the Migration Tool Administration Guide, visit the OES 2015 SP1 Web 
site (http://www.novell.com/documentation/oes2015). 
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| Overview 


+ Chapter 1, “Overview of the Migration Tools,” on page 15 

+ Chapter 2, “Overview of the Migration GUI,” on page 21 

+ Chapter 3, “Data Migration from NSS32 to NSS64,” on page 37 

+ Chapter 4, “What's New or Changed in the Migration Tool,” on page 39 
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Overview of the Migration Tools 


Migration is the process of migrating services, file system data, and eDirectory information from an 
existing NetWare 6.5 or OES servers to an OES 2015 SP1 server. The Migration tool now supports 
migration of Active Directory trustees. The Migration Toolkit is designed to meet all your migration 
needs. 


In this document, the supported NetWare and OES servers are referred to as the source server, and 
the OES 2015 SP1 server is referred to as the target server. 


The following topics are discussed in this section: 


¢ “Migration Tool Enhancements” on page 15 
¢ “Different Migration Tools” on page 15 
+ “Migration Scenarios” on page 16 


¢ “Support Matrix for NetWare and OES Services” on page 18 


Migration Tool Enhancements 


The Migration Tool has an enhanced graphical user interface (GUI), which enables you to migrate all 
the services from the source server to the target server. The Migration Tool uses a plug-in 
architecture and is made up of Linux command line utilities with a GUI wrapper. 


Features 


+ Supports migration of AD trustees 


¢ Transfer ID GUI now supports proxy migration from source OES Linux server to target OES 2015 
SP1 server. 


¢ In Transfer ID, you can perform unattended full repair of eDirectory (existing option in earlier 
OES releases) and local eDirectory database and network repair 


+ Use a Transfer ID scenario to migrate the server identity. 

+ Create a migration project to migrate multiple services. 

+ Schedule and run the migration at your convenience. 

+ Receive an e-mail message indicating the success or failure of the migration process. 

¢ Display the status of the migrating service and display service-specific logs. 

+ Display the overall progress of migration and display the logs. 

+ View a summary of the options configured for each service and for the entire migration project. 


Different Migration Tools 


The following table lists the tool to use for migrating services, depending on the source platform and 
target platform. 
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Table 1-1 Migration Tools Matrix 


Source Platforms Target Platforms Migration Tool For Information 
From any of these physical To this physical or Migration Tool Chapter 2, “Overview of 
servers: virtualized server: the Migration GUI,” on 
page 21 
+ OES 2015 SP1 + OES 2015 SP1 
+ OES 2015 
+ OES 11 SP2 


+ OES 2 SP3 Linux on SLES 
10 SP4 


+ NetWare 6.5 SP8 


From any of these physical To this physical or Server Server Consolidation and 
servers: virtualized server: Consolidation Migration Toolkit 


Migration Toolkit 1.2 Administration Guide 
+ NetWare 5.1 SP8 + NetWare 6.5 SP8 


Migration Scenarios 


The Migration Tool supports the following scenarios: 


+ “Migrate” on page 16 


+ “Transfer ID” on page 18 


Migrate 


The Migrate scenario helps you reorganize your network by copying the service configuration and 
data from any number of source servers to the target server. By consolidating data on new, more 
powerful servers, you can simplify your network administration processes and lower your IT costs. 


This section describes example scenarios of how to consolidate your data. 


+ “Sample Scenarios” on page 16 


¢ “Cross-Platform Data Consolidations” on page 17 


Sample Scenarios 


The benefits of the Migration Tool can be better understood through examining some sample 
scenarios. 
+ “Basic Server Consolidation: Many-to-One” on page 16 


¢ “Consolidating Data from Multiple Servers onto a Two-Node Cluster” on page 17 


Basic Server Consolidation: Many-to-One 


In this scenario (See Figure 1-1), you have three existing OES servers. You recently purchased a 
multiprocessor server and installed OES 2015 SP1 on it. You want to copy the data from each of the 
three servers to the single OES 2015 SP1 server. Instead of manually moving all the data or backing 
up the data on each of the three servers and then restoring it on the OES 2015 SP1 server, you can 
use the Migration Tool to automate the process. 
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Figure 1-1 Many-to-One Server Consolidation 
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Although Figure 1-1 shows a consolidation scenario in which all servers are in the same eDirectory 
tree, you can also perform tree-to-tree consolidations. 


Consolidating Data from Multiple Servers onto a Two-Node Cluster 


In this scenario (see Figure 1-2), you have five existing OES servers. You recently purchased two 
multiprocessor servers and the necessary hardware to create a two-node cluster complete with an 
attached Storage Area Network (SAN). You decide to install OES 2015 SP1 on the two-node cluster 
and to copy the data from each of the five servers to the SAN on the two-node cluster. Instead of 
manually moving all the data and Printer Agents or backing up the data and restoring it to the SAN, 
you can use the Migration Tool, which automates the data migration process. 


Figure 1-2 Cluster Server Consolidation 
eDirectory Tree 


OES Servers Two Node Cluster 
Cluster Cluster 
Server 1 Server2 Server 3 Server 4 Server 5 Server 1 Server 2 


Fiber 
Channel 


Switch 
Volumes 


Shared Disk 
System 


Migration 


Cross-Platform Data Consolidations 


The Migration Tool supports cross-platform data consolidations from supported NetWare or OES 
servers to an OES 2015 SP1 server. 
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Transfer ID 


Transfer ID is a migration scenario for transferring the server identity of the source server to the target 
server. The identity of the server is made up of its IP address, hostname, eDirectory identity, NICI 
keys, and the certificates from the source server. This scenario is only supported in same tree 
migration. 


On successful completion of the Transfer ID migration, the target server functions with the identity of 
the source server and the source server goes offline. 


Support Matrix for NetWare and OES Services 


The Table 1-2 lists the support for the source platforms for OES 2015 SP1 services. 


The legends used in the following table are: 


Y Supported source platform 

x Unsupported source platform 

NA Service is not available on that platform 
* iFolder 2 

= iFolder 3.2 


Table 1-2 Source Platform Support for OES 2015 SP1 Services 


Services NW 6.5 OES 2 OES 11 SP2 OES 2015 OES 2015 SP1 


SP8 T GIES 10 

ARE Y Y Y Y Y 
CIFS Y Y Y Y Y 
DARE Y Y Y Y Y 
DNS x Y Y Y Y 
a x Y Y Y Y 
FTP Y Y Y Y Y 
¡Folder + Y of Y Y 
iPrint Y J Ps rs 
NetStorage x Y J gf gf 
NCP NA Y J gf gf 
NSS Y Y Y Y Y 
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Services NW 6.5 OES 2 OES 11 SP2 OES 2015 OES 2015 SP1 


SP8 SP3 (SLES 10 
SP4) 
NTP Y NA NA NA NA 
NetWare Traditional Y NA NA NA NA 
OpenSLP x Y Y Y Y 


NOTE: If the source platforms are NW 5.1, NW 6.0 SP5, OES 1, OES 2 SP2, or OES 11, you must 
upgrade to the supported source platform listed in the above table. 


Detailed information on configuring and migrating the above services is documented in Part VII, 
“Service Migration,” on page 149. 
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Overview of the Migration GUI 


This section describes the different panes in the Migration Tool GUI. 


+ “Project Pane” on page 21 


+ “Migration Pane” on page 29 


+ “Services to Migrate Pane” on page 31 


e “Migration Status” on page 33 


Figure 2-1 Migration Tool GUI 
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Summary 


Sync 
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Click Yes to 'Configure' the 
selected service. 


Service Status 


Ready Precheck 


| Migrate 


Service Start Time (dd-mm-yy hh:mm:ss) : 


Service Elapsed Time (hh:mm:ss) : 


Remaining Time (hh:mm:ss) : 


Project Start Time (dd-mm-yy hh:mm:ss) : 


Project Elapsed Time (hh:mm:ss) : 


Not Started 


Service Information 


B Target System 
? GFile System 
9 G MIGRATE 


Migrated data: 0 MB 
Trustee errors: O 
Total errors: O 
Migration Start Time: 
Migration End Time: 


Number of files/folders to migrate: O 
Number of files/folders migrated: O 
Data to be migrated: O MB 


Project Pane 


This is the left pane. You use it to access common project options: 


+ “Create Project” on page 22 


+ “Schedule Service” on page 23 


+ “Email Notification” on page 24 
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+ “View Logs” on page 26 

+ “Project Summary” on page 28 
+ “Help” on page 28 

+ “Quit” on page 28 

+ “Whiteboard” on page 28 


Figure 2-2 Project Pane 


(ñas New Project 
a Open Project 
= Sawe Project 
Es Scheduler 


A Email Notification 


& View Logs 


E Project Summary 


Create Project 


When you start Migration Tool GUI, a default project opens. You can save that project, create a new 
project or open an existing migration project. 


e “New Project” on page 22 
+ “Load Project” on page 23 


+ “Save Project” on page 23 


New Project 
To create a new project, click New Project. Specify the location to create the new project. 
Figure 2-3 New Project 

my New Project 


Location: 


/var/fopt/novell/migration/NewProj1| x 
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Load Project 


To open an existing migration project, click Open Project. Select the project, then click Open. 


Save Project 


To save a migration project, click Save Project, then click Yes. Click No to save the project to a 
different location. 


For example, /var/opt/novel1/migration/NewProj1.xml. The migration project file 
NewProj1.xml is saved to the default location. 


Schedule Service 


You can schedule the migration project to run at your convenience. 


Figure 2-4 Scheduler 


AY Scheduler 


November 2010 
M T W T F 
2 3 4 
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24 


1 2 3 4 


Start Time: Duration (Hours): 


[4 ok % Clear 


Use the scheduler to perform the following tasks: 


+ “Configure” on page 23 


e “View” on page 24 


Configure 


You can schedule the migration project to run on multiple days. 


1 Select the date in the calendar. 
2 Specify the Start Time to run the project. 
3 Specify the Duration to run the project. 
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4 Click OK to save the schedule. 


5 Inthe main migration window, click Migrate to migrate the service, or click Sync, to synchronize 
the data at the specified time. 


The migration project runs on the scheduled date and time. 


View 


Use this tab to see the week view of the scheduled project. 


Email Notification 


You can set email notifications for receiving the status of the migration. 


Figure 2-5 Notification 


2 Email Notification 


Email | Configure | 
Email ID(s): 


Ta: = 


Frorn: | 


Mail Notification On 


Success |_| Failure 


E] Error C] Schedule 


[4 ok © cancel 


+ “Email” on page 24 


+ “Configure” on page 25 


Email 


1 In the To field, type the e-mail address of an individual or group to receive notifications. You can 
include multiple e-mail addresses separated by a comma. 


2 Inthe From field, type the e-mail address that the notification e-mail messages will be sent from. 
3 Under Mail Notification On, select the option to generate mail. 


If you select all the options, you receive notification through mail, depending on the state of 
migration. For example, when migration fails, you receive an e-mail message notifying you that 
migration has failed. 


4 Click OK to save the settings. 
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Configure 


7a Email Notification 


Configure 


Mail Server 


Server : 


EOM: 25 


[_] StartTLs 


Mail Interval (in minutes): 


E ok © cancel 


1 In the Server field, specify the hostname or IP address of the recipient's inbound mail queue. 
2 Specify the port for the recipient's mail server. In non-secure mode the default port is 25. 
3 To send an e-mail message through a secure SMTP connection, select StartTLS. 


For example, to send an e-mail to a gmail account, the IP address is gmail-smtp-in.|.google.com 
and the port is 26. 


4 Specify the mail interval (in minutes) to send e-mail messages for errors encountered. The 
default time is 15 minutes, but you can increase or decrease the interval as necessary. The e- 
mail messages are sent only if error notification in the Email tab is set and if errors are 
encountered. 


NOTE: To set default mail settings for multiple projects, update the details in the 
migconf. properties file. 


The e-mail settings can be set by using the /opt/novell/migration/plugin/conf/ 
migconf.properties file. Update the values for the following parameters according to your 
requirements: 


+ mail_server_ip 

+ mail_server_port 

+ mail_to 

+ mail_from 

+ populate_values_from_httpstkd 


However, if you want default e-mail settings specified in /etc/opt/novell/httpstkd.conf file, 
then set the populate_values_from_httpstkd parameter to yes inthe migconf.properties file. 


5 Click OK to save the settings. 
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View Logs 


In the main Migration GUI, click View Logs. This displays Migration Logs window with logs for overall 
migration and service-specific migration. You can select Migration or a service and use the search 
functionality to filter logs for specific type of error messages or keywords, the results are displayed in 
a new search window. By default, only the last log file is filtered and results are displayed. You must 
select the Include All Files option to search all log files for a service. 


Figure 2-6 Migration Logs 


a Migration Logs 


Search For: | Files @, Search 


v| [Include Al 

UIS=IU=UL IF. 30.07, 586 IFO = FILESTSTEM-TMYMESMMOTMANON. Dee ong FTE Ura SS T OCI TEST IMO NET FSZ VTAT 
2013-10-01 14:30:07,635 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1mb/file1482 1.txt 
2013-10-01 14:30:07,673 INFO - FILESYSTEM:migfiles:Information: Deleting /media/nss/VOL1/test_1lmb/file14822 txt 
2013-10-01 14:30:07,723 INFO - FILESYSTEM: migfiles:Information: Deleting ¿media/nss/YOL1/test_1mb/file14823.txt 
2013-10-01 14:30:07,760 INFO - FILESYSTEM:migfiles: Information: Deleting /media/nss/VOL1/test_1lmb/file14824.txt 
2013-10-01 14:30:07,802 INFO - FILESYSTEM: migfiles:Information: Deleting ¿media/nss/YOL1/test_1mb/file14825.txt 
2013-10-01 14:30:07,823 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1lmb/file14826.txt 
2013-10-01 14:30:07,862 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1lmb/filel4827.txt 
2013-10-01 14:30:07,887 INFO - FILESYSTEM: migfiles:Information: Deleting ¿media/nss/YOL1/test_1mb/file14828.txt 
2013-10-01 14:31:12,549 INFO - FILESYSTEM: migfiles:Information: Deleting ¿media/nss/YOL1/test_1mb/file17917.n«t 
2013-10-01 14:30:07,948 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1lmb/file14829.txt 
2013-10-01 14:30:07,990 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/¥OL1/test_1mb/file1483.txt 
2013-10-01 14:30:08,030 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1mb/file14830.1xt 
2013-10-01 14:30:08,087 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1mb/file1483 1.txt 
2013-10-01 14:30:08,138 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1mb/file14832.txt 
2013-10-01 14:30:08,143 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1mb/file14833 txt 
2013-10-01 14:30:08,189 INFO - FILESYSTEM: migfiles: Information: Deleting ¿media/nss/YOL1/test_1mb/file14834.txt 
2013-10-01 14:30:08,210 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1lmb/file14835 txt 
2013-10-01 14:30:08,255 INFO - FILESYSTEM: migfiles: Information: Deleting ¿media/nss/YOL1/test_1mb/file14836.txt 
2013-10-01 14:30:08,305 INFO - FILESYSTEM: migfiles:Information: Deleting ¿media/nss/YOL1/test_1mb/file14837.nxt 
2013-10-01 14:31:12,591 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1Imb/file17918.txt 
2013-10-01 14:31:12,647 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1lmb/filel7919.txt 
2013-10-01 14:31:12,674 INFO - FILESYSTEM:migfiles: Information: Deleting /media/nss/VOL1/test_1mb/file1792.txt 
2013-10-01 14:31:12,714 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1lmb/file17920.txt 
2013-10-01 14:31:12,762 INFO - FILESYSTEM: migfiles:Information: Deleting ¿media/nss/YOL1/test_1mb/file17921.txt 
2013-10-01 14:31:12,823 INFO - FILESYSTEM: migfiles:Information: Deleting ¿media/nss/YOL1/test_1mb/file17922.n 
2013-10-01 14:31:12,863 INFO - FILESYSTEM: migfiles:Information: Deleting ¿media/nss/YOL1/test_1mb/file17923.nxt 
2013-10-01 14:31:12,910 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1Imb/file17924.txt 
2013-10-01 14:31:12,949 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1mb/file17925.txt 
2013-10-01 14:31:12,974 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1lmb/file17926,txt 
2013-10-01 14:31:13,030 INFO - FILESYSTEM: migfiles: Information: Deleting ¿media/nss/YOL1/test_1mb/file17927.txt 
2013-10-01 14:31:13,080 INFO - FILESYSTEM: migfiles: Information: Deleting /media/nss/¥OL1/test_Imb/filel7928.txt 
2013-10-01 14:31:13,101 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_Imb/file17929.txt 
2013-10-01 14:30:08,311 INFO - FILESYSTEM: migfiles:Information: Deleting 
{media/nss/VOL1/test_1mb/file14838.1xt2013-10-01 14:31:13,145 INFO - FILESYSTEM:migfiles: Information: Deleting 
/media/nss/VOL1/test_1mb/file1793.txt 
2013-10-01 14:30:08,373 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1Imb/file14839.txt 
2013-10-01 14:30:08,420 INFO - FILESYSTEM: migfiles:Information: Deleting ¿media/nss/YOL1/test_1mb/file1484.txt 
2013-10-01 14:30:08,467 INFO - FILESYSTEM: migfiles:Information: Deleting /media/nss/VOL1/test_1Imb/file14840.txt 


| 


| $ Refresh || © close 


The overall progress of migration, sync, and errors are recorded in the common migration file - 
migration.log and service-specific logs in the servicename. log file. A log directory is created in 
the same path as the migration project. The associated output and log files for the project are stored 
in this directory. For example, /var/opt/novel1/migration/NewProj123/10g/migration.log. 


For example, if Migration is selected in the left pane, logs from the migration. log file is displayed in 
the right pane. 


During migration, if a fatal error is encountered, migration is stopped and details are logged in the log 
files. 


Search For: Select Migration or a service in the left pane. Specify string in the Search For text box 
or select keywords for logs from the drop-down list, then click Search, a new window is displayed with 
the search results. To search all the log files for a project, select the Include All Files option. 


The keywords are: INFO, DEBUG, WARN, ERROR, and FATAL. 
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NOTE: The input string for search is case-sensitive to search for keywords. 


Include All Files: By default, only the last log file is filtered as per the search string and results are 
displayed. You must select the Include All Files option to search all the log files for a service. 


Configuring Log Files 


The log files are overwritten after it reaches the maximum limit. You can increase the log file size or 
number of log files as per your log requirement. The changes can be done to the values of the 
MaxFileSize and maxBackupIndex parameters in the configuration file at /etc/opt/novell/ 
migration/Log. xml. 


Customize the following parameters for each log file you want to modify: 


Parameter Description 

MaxFileSize Specifies the size of the service.log file (default: 10 
MB) and migration.log and filesystem.log (default: 10 
MB). 

maxBackupindex Specifies the maximum number of files created before 


the first log file is overwritten. 


Default value: 10 


For example, you can increase the file size of filesystem. log to 10 MB by editing the MaxFileSize 
value in the Log.xml file. 
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Project Summary 


This displays a tree view of the options configured for all the services selected for migration. 


Figure 2-7 Project Summary 


Project Summary 
2 (Project Path 
D /varfopt/novell/migration/mig_project/NewProj. xml 
? [Source Server 
E) IP Address=192,168,1.255 
G Username=cn=admin,o= example.org 
IN Tree Name= NOVELL_TREE 
9 [] Target Server 
IN IP Address=192,168.2,255 
IN Username =cn=admin,o= example.org 
G Tree Name= NOVELLO9_TREE 
2 C4 Email Notification Options 
Ey Mail To=carla@example.arg 
D Notify on error=Yes 
IN Notify on success=Yes 
Notify on failure =Yes 
IN Notify on schedule changes=Yes 
9 FTP 
IN No Configuration Parameters and Values. 


? CI NTP 
D No Configuration Parameters and Values. 


Help 


This displays the help for the Migration Tool. 


Quit 


This closes the migration window and stops the migration process. If the migration project is not 
saved, you are prompted to save the project. 


Whiteboard 


This display instructions and tips to perform a successful migration. 
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Migration Pane 


This is the top pane of the Migration Tool GUI. 


Figure 2-8 Top Pane 
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192.168.1.255 wgp-drs26 


Use this pane to perform the following tasks: 


+ Authenticate the source server and target server credentials. 


+ Select the type of migration as Migrate or Transfer ID. The Migrate option is enabled only after 
configuring a service for migration. By default, only the Transfer ID option is enabled. 


Authenticate Source Server and Target Server 


Specify the credentials to authenticate the source server and target server. 


Figure 2-9 Source Server Authentication Screen 


Y Source Server Authentication 


Server: |192.168.1.255] 
(e.g. 192. 16800000 or Host Name) 
[] Is Cluster Resource 


User Name: [cn=admin, o=novell E 


(e.g. cn=admin,o=companyname) 


Password: |eeeeee 


root Password : 


(Required for OES Linux server) 


636 |w] Use SSL 


1 In the Server field, specify the IP address or hostname of the source server. 
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The server IP, user name and port information is cached by the Migration GUI. When entering 
values in the Server or User Name field, Migration GUI auto-fills this information. To clear the 
cache entries, delete the entries from the /opt/novell/migration/plugin/conf/ 
migration.history file. 


(Optional) Is Cluster Resource: To migrate cluster volumes, specify cluster resource IP in the 
Server field and select the Is Cluster Resource option. If you select this option, only the file 
system and iPrint services are migrated. This option supports only Migrate scenario and does 
not support Transfer ID. 


For example, use the NSS Cluster Pool IP to migrate NSS cluster volumes and use the iPrint 
cluster IP to migrate iPrint. 


Use the node IP address for migrating other services. 


2 Inthe User Name field, specify the FDN of the admin user of the source server. Use the LDAP 


(comma-delimited) format. For example, cn=admin,o=novell 


3 Inthe Password field, specify the password for the admin user who is performing the migration. 
4 Ifthe source server is OES, specify the password for authentication in the Root Password field. 


5 Inthe Port field, specify the port number to use for the SSL connection on the source server. By 


default, port 636 is used for the SSL connection and port 389 for the non-SSL connection. 


6 (Optional) To use a secure connection for LDAP authentication, select Use SSL. 
7 Click OK to authenticate the credentials on the source server. 


In the Target Server Authentication dialog box there is no field available to specify the IP address or 
the hostname because the Migration Tool is launched from the target server. 


If the source and target servers are in the same tree, the credentials on the target server are 
automatically populated when the credentials on the source server are authenticated. 


Figure 2-10 Target Server Authentication Screen 


A Target Server Authentication 


User Name : |ch=admin,o=novell 


(e.g. cn=admin, o=companyname) 


Password : |eeeeee 


root Password: |eeeeee 


: [636 [v] [y] Use SSL 


1 Specify the credentials of the administrator of the target server. 

2 Specify the root password. 

3 (Optional) To use a secure connection for LDAP authentication, select Use SSL. 
4 Click OK. 
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Type of Migration 


On successful authentication of the source server and target server, the IP address or the DNS name 
of the servers are displayed below the server icons. 


1 Depending on your requirements, select the migration type: 


¢ Migrate: Select this option, if you want to consolidate the services from the source server 
into an already running instance of the service on the target server. The source server and 
the target server can be in the same eDirectory tree or a different eDirectory tree. This 
option is enabled only after configuring a service for migration. 


¢ Transfer ID: Select this option to transfer the server identity of the source server to the 
target server. The source server and the target server must be in the same eDirectory tree. 


2 To configure the services for migration, see “Services to Migrate Pane” on page 31 


Services to Migrate Pane 


This is the central pane. Use this pane to select the services that you plan to migrate, and configure 
the options. When multiple services are configured for migration, the order represents the sequence 
for migration of the services. 


IMPORTANT: You must install all the services on the target server that you plan to migrate from the 
source server. 


For a list of service migration chapters and their corresponding documentation, see the Part VII, 
“Service Migration,” on page 149. 


You use this pane to perform the following tasks: 


+ Select and configure services for migration. 
+ Synchronize the migrated service with the service on the source server. 


¢ View the configuration summary of the service. 


Figure 2-11 Services to Migrate 


| Order Service Status | Dependencies | db Add 
File System Not Configured — 
Novell NTP Not Configured eos ] 
Novell ¡Print Not Configured — 
Novell DHCP Service Not Configured = - j E Configure 
| Novell AFP Not Configured FILESYSTEM — 
| Novell CIFS Not Configured FILESYSTEM 
| Novell iFolder Not Configured FILESYSTEM 
Novell Archive versioni... Not Configured FILESYSTEM 
Options 


+ Add: The Add Services dialog box displays a list of services to be migrated to the target server. 
Services that are not installed on the target server prior to the migration are not listed. 
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NOTE: If the Source server is OES, the Add Services dialog box displays only File System and 
iPrint service. Only these two services can be migrated using GUI. 


Figure 2-12 List of Services to Migrate from NetWare Source Server 


yy Add Services 
Service Name 


File System 

Novell FTP 

Novell NTP 

Novell iPrint 

Novell DHCP Service 
Novell iFolder 


© cancel 


+ Remove: In the Services to Migrate pane, select the service you do not want to migrate and 
click Remove. 


+ Order: The number indicates the order in which each service migrates. The order is displayed 
by the migration tool and cannot be edited. 


+ Service: Lists the name of service to be migrated. 


¢ Status: Displays the status of the service and last executed date and time of migration or 
synchronization of a service. 


The services can be in different states during migration: 


State Description 

Not Configured The service is not configured. 

Password Required Configuration of a service is not complete. 

Ready The service is configured and ready to migrate. 

Migrating The service is in the process of migration. 

Migrated The service is migrated to the target server. 

Synced The service on the target server is updated with the changes on the source 
server. 


+ Dependencies: Lists the dependent services to be migrated. The migration process progresses 
independently of whether the dependency is completed. 


+ Configure: Select the service to prepare for migration, then click Configure. 


¢ Sync: This option is enabled when you are synchronizing the file system, iFolder, or CIFS 
services. The service details on the target server are compared with the source server and only 
the changed information is migrated to the target server. Select the service, then click Sync. 


+ Summary: A tree view that displays migration options configured for a selected service. 
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To select the services to migrate: 


1 Click Add to display the list of services available for migration. 
2 In the Add Services window, select the services to migrate, then click OK. 

In the Status column, the status of the unconfigured services is listed as Not Configured. 
3 Select the service, then click Configure to configure the migration options. 


Details to configure and migrate the services are documented as an Appendix in this guide. 


NOTE: The services are listed depending on the source operating system, support for different types 
of migration scenarios (Migrate and Transfer ID) and the services installed on the target server. 


Migration Status 


Displays the service status and logs. 


+ “Status” on page 33 


+ “Service Information” on page 33 


Status 


Displays the status of the selected service. If a service is in a migrating state, the progress of the 
migration is displayed. 


State Description 

Ready The service is configured and ready to migrate. 

Precheck The prerequisites and migration options configured for each service are 
validated. 

Migrate The service is in the process of migration. 

Sync The migrated service is being synchronized with the service on the source 
server. 


Service Start Time: The date and the time when migration started for a specific service. 

Service Elapsed Time: The execution time of service migration. 

Remaining Time: The time remaining to complete migration of a service. 

Project Start Time: The date and the time when migration started for a specific complete project. 
Project Elapsed Time: The execution time of project migration. 


Progress bar: The progress of migration for a service. 


Service Information 


The tree view displays the progress of migration and sync for each service. 
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Migrate - Tree View for All Services 


Service State: The current state of migration for a service whether it is Ready, Precheck, Migrate or 
Sync. 


Progress Status: The progress of migration for a service. For example, Successfully Completed 


Migration Status: The status of migration for a service. For example, Complete 


Migrate - Tree View for File System 


Number of files/folders to migrate: The total number of files and folders on the source server that 
are to be migrated to the target server. 


Number of files/folders migrated: The total number of files and folders successfully migrated to the 
target server. 


Data to be migrated: The amount of data on the source server that is to be migrated to the target 
server. 


Migrated data: The amount of data successfully migrated to the target server. 


Trustee errors: The number of errors encountered when performing trustee migration. The error 
details are recorded in the filesystem. log file. 


Total errors: The total number of errors encountered when performing migration. Click the link to 
display the service-specific log file. 


Migration Start Time: The date and time when migration starts for a project. 


Migration End Time: The date and time when migration is completed. 


Sync - Tree View for All Services 


Service State: The state of sync for a service. 
Progress State: The progress of sync for a service. 


Sync Status: The status of sync for a service. 


Sync - Tree View for File System 


Number of files/folders to sync: The total number of files and folders on the source server that are 
modified and need to be synced to the target server. 


Number of files/folders synced: The total number of files and folders successfully synced to the 
target server. 


Data to be synced: The amount of data on the source server that is to be synced to the target 
server. 


Synced data: The amount of data successfully synced to the target server. 


Trustee errors: The number of errors encountered when syncing trustees. The error details are 
recorded in the filesystem. log file. 


Total errors: The total number of errors encountered when performing sync. Click the link to display 
the service-specific log file. 
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Number of files/folders deleted on target: The total number of files and folders that are deleted 
from the target server because those files and folders were deleted from the source server. 


Sync Start Time: The date and time when synchronization of service starts for a project. 


Sync End Time: The date and time when synchronization of services is completed. 
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3 Data Migration from NSS32 to NSS64 


For more information about NSS32 to NSS64 data migration, see Migrating NSS Data from NSS32 to 
NSS64 in the OES 2015 SP1: NSS File System Administration Guide for Linux. 
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What’s New or Changed in the Migration 
Tool 


This section describes enhancements and changes in the Migration Tool for the release Novell Open 
Enterprise Server (OES) 2015. 


+ “What's New (OES 2015 SP1)” on page 39 
+ “What's New (OES 2015)” on page 39 


What's New (OES 2015 SP1) 


Migration Tool in OES 2015 SP1 has been modified for bug fixes. There are no new features or 
enhancements in OES 2015 SP1. 


What’s New (OES 2015) 


In addition to bug fixes, OES 2015 provides the following enhancements and changes for the 
Migration Tool: 


Support for OES 2015 Features and Enhancements 


The Migration Tool has been modified to support OES 2015 servers, including NSS-AD support and 8 
exabyte NSS pools and volumes. 


Migration Support for Active Directory Trustee Assignments 


The Migration tool now supports migration of AD trustees assignments (ACLs) between OES 2015 
and later servers. Before performing trustee migration, ensure that the NSS pools and volumes on 
the target server are enabled to support AD users. For more information, see Trustee Migration in 

Active Directory Environment 


Transfer ID Supports Proxy User Migrations 


Transfer ID now supports the direct (Service to service or common to common) migration of proxy 
users from source OES servers to target OES 2015 servers. 


+ A service proxy users is migrated to the target server along with the service that it supports. 


+ Acommon proxy users is migrated to the target server along with the services that it supports. 


No other proxy user migration scenarios, such as migrating a common proxy user to a service proxy 
user, are supported. 


For more information, see Migrating Proxy Users to OES 2015. 
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Transfer ID Now Supports Repairing Only the Local eDirectory Database and 
Network 


Using the Migration GUI, when performing eDirectory repair in Transfer ID, you have the option of 
performing one of the following: 


+ Unattended full repair of eDirectory (existing option in earlier OES releases) 
+ Local eDirectory database and network repair 


While performing a Transfer ID migration, you can now limit any required eDirectory and network 
repairs to only the local eDirectory database and network, rather than performing a full repair, which 
can be quite time consuming in large networks. 


For more information, see Repair step in “Run Transfer ID” in the OES 2015 SP1: Migration Tool 
Administration Guide. 
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| Getting Started 


+ Chapter 5, “Planning for Migration,” on page 43 
+ Chapter 6, “Using the Migration Tool GUI,” on page 47 


+ Chapter 7, “Troubleshooting Issues,” on page 51 
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Planning for Migration 


The following topics are discussed in this section: 
+ “Prerequisites” on page 43 
+ “Preparing the Source Server for Migration” on page 44 
+ “Preparing the Target Server for Migration” on page 44 
¢ “Installing and Accessing the Migration Tool” on page 45 


+ “What's Next” on page 45 


Prerequisites 


+ “Source Server Requirements” on page 43 
+ “Target Server Requirements” on page 44 
+ “Unsupported Target Platforms” on page 44 
The Migration Tool is installed as part of the Open Enterprise Server (OES) 2015 installation. The 
source server and the target server must meet the requirements outlined in this section. 
O Platform Support for the Source Server: 
+ OES 2015 SP1 
+ OES 2015 
+ OES 11 SP2 
+ OES 2 SP3 Linux on SLES 10 SP4 
+ NetWare 6.5 SP8 and eDirectory 8.7.3.x or later 
O Platform Support for the Target Server: 
+ OES 2015 SP1 


O Time Synchronization: The source and target servers must be using the same time 
synchronization method. For more information on time synchronization, see “Time Services” in 
the OES 2015 SP1: Planning and Implementation Guide. 


Source Server Requirements 


The source server contains the files, volumes, and eDirectory objects that are to be copied to the 
target server. 


O The source server must be running supported versions of NetWare or OES and eDirectory. 
(O Update the source server with the latest NetWare and OES Support Pack. 


O Ensure that the user performing the migration has read/write/access rights on the source server. 
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Target Server Requirements 


O 


Ensure that the user performing the migration has read/write/access rights on the target server. 


Unsupported Target Platforms 


Novell does not support the following as Migration Tool target server: 


+ 


Novell Open Workgroup Suite - Small Business Edition 


Preparing the Source Server for Migration 


1 


Shut down any applications, products, or services (virus scan software, backup software, etc.) 
running on the server to be migrated. 


Verify the health of eDirectory by loading DSRepair with the following three options: 
+ Unattended Full Repair 
+ Time Synchronization 
+ Report Synchronization Status 

If errors are reported, resolve them before attempting migration. 


(Recommended) Back up eDirectory data and trustees on the source server, even though the 
source data is not modified during migration. 


For information on creating a backup of eDirectory, see Backing Up and Restoring eDirectory in 
the NetlQ eDirectory 8.8 SP8 Administration Guide. 


4 Remove any unnecessary applications, then delete and purge unused files and folders. 


5 Ensure that all the latest patches are installed. 


Preparing the Target Server for Migration 


1. 


Back up the eDirectory information on the target server. 


For information on creating a backup of eDirectory, see “Backing Up and Restoring NetlQ 
eDirectory” in the NetIQ eDirectory 8.8 SP8 Administration Guide. 


. Make sure that you have installed and configured the services that you are migrating from the 


source server. 


IMPORTANT: If a service is not available on the target server, it is not listed in the Migration Tool 
GUI. 
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Installing and Accessing the Migration Tool 


The Migration Tool is automatically installed with the OES 2015 SP1 (target server) server in the / 
opt/novell/migration/sbin folder. We recommend you to set the screen resolution to 1024X768 
before launching the Migration Tool GUI. 


Log in as the root user and use one of the following methods to access the Migration Tool on your 
target server: 


¢ Desktop: Click Computer > More Applications > System > Novell Migration Tools. 
+ Console: At the terminal prompt, enter: 


miggui 


What's Next 


To get started with the Migration Tool GUI, see “Using the Migration Tool GUI” on page 47. 
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Using the Migration Tool GUI 


This section describes how to migrate data from supported source server version to an OES 2015 
SP1 server. 


After you have completed the prerequisite procedures in Chapter 5, “Planning for Migration,” on 
page 43, you are ready to perform migration. To do this, complete the following tasks in the order they 
are listed: 

+ “Getting Started” on page 47 

¢ “Launch the Migration Tool Utility” on page 47 


¢ “Migration Process” on page 47 


Getting Started 


The Migration Tool is automatically installed with OES 2015 SP1 in the /opt/novell/migration/ 
sbin folder. 


IMPORTANT: To perform migration, you must be a root user and an eDirectory administrator. 


Launch the Migration Tool Utility 
We recommend you to set the screen resolution to 1024X768 before launching the Migration Tool 


GUI. 


Log in as the root user and use one of the following methods to access the Migration Tool on your 
target server: 


Desktop: Click Computer > More Applications > System > Novell Migration Tools. 
Console: At the terminal prompt, enter: 


miggui 


Migration Process 


1 Launch the Migration Tool. 
2 Do one of the following to create, open, or save the migration project: 


+ To create a new migration project, click New Project, specify the name of the project, then 
click OK. 


+ To open an existing project, click Open Project, then select the project and click Open. 
When a confirmation message to open the project is displayed, click Yes. 


+ To save a project, click Save Project > Yes. 
3 Specify the credentials of the source server, then click OK. 
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A Source Server Authentication 


: [192.168.1.255| 
(e.g. 192.168.xxx.xxx or Host Name) 
C] Is Cluster Resource 


User Name: |cn=admin,o=novell 


(e.g. cn=admin,o=companyname) 


Password: |eeeeee 


root Password : 


(Required for OES Linux server) 


636 v Use SSL 


a Target Server Authentication 


User Name : |ch=admin,o=novell 


(e.g. cn=admin, o=companyname) 


Password: eeeeee 


root Password : |eeeeee 


: [636 [v] Use SSL 


© Cancel 


5 Depending on your requirements, select the migration type: 
+ Migrate: To perform migration, see Chapter 8, “Preparing for Server Migration,” on page 55 
+ Transfer ID: To perform a Transfer ID, see Part IV, “Transfer ID Migration,” on page 61. 


6 In the Services to Migrate pane, select the services to migrate from the source server to the 
target server. 


Only the services installed on the target server are listed for migration. 
6a To display the list of services for migration, click Add. 
6b In the Add Services window, select the services to migrate, then click OK. 
7 Select the service for which you want to configure the migration options, then click Configure. 
8 Click Migrate to proceed with migration. The status of the service changes to Migrating. 
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In Status > Service Status, you can view the progress of migration. When the migration is 
complete, the status of the service changes to Migrated. 


In Status > Service Information, the tree view displays the progress of migration for each 
service. The Trustee errors and Total errors, displays the number of error encountered on 
performing migration. Click Total errors to view the service-specific log file. 
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/ Troubleshooting Issues 


+ “Source Server Authentication Fails in an Cluster Environment” on page 51 
+ “Clear User Name Entries Populated in the Source or Target Authentication Screen” on page 51 
+ “Unable to Authenticate to Source or Target Server Using Non-SSL Option” on page 51 


+ “Target Server Authentication Fails or Unable to Browse the eDirectory Tree in the Migration 
GUI” on page 52 


+ “The Authentication Dialog Box is Blank” on page 52 


Source Server Authentication Fails in an Cluster 
Environment 


If NCS is configured after OES configuration, then SMS is not registered with NCS. This causes 
authentication failure of the source server if the IS Cluster Resource option is selected. 


To resolve this issue, restart SMDR or unload and load TSA components of SMS, then autheticate to 
the source server. 


Clear User Name Entries Populated in the Source or 
Target Authentication Screen 


The server IP, user name and port details provided in the Source Server Authentication screen and 
the Target Server Authentication screen is cached by the Migration GUI. When entering a user name 
the values are auto-filled by the Migration GUI; to clear these cache entries, delete the 
MIGFW_SOURCE_USERNAME and MIGFW_TARGET_USERNAME entry from the /opt/novell/ 
migration/plugin/conf/migration.history file. 


Unable to Authenticate to Source or Target Server 
Using Non-SSL Option 


In the Source Server Authentication screen or the Target Server Authentication screen, if the Use SSL 
option is not selected, then authentication to the server fails. 


+ If you do not want to use a secure connection, deselect the Use SSL option. 


When this option is not selected, you must ensure that TLS is disabled for LDAP on the source 
server. Using ¡Manager > LDAP > LDAP Options > LDAP Group-server_name > Authentication 
Options and deselect Require TLS for Simple Binds with Password. 


+ Touse a secure connection, select the Use SSL option (default setting). 


When this option is selected, you must ensure that TLS is enabled for LDAP on the source 
server. Using ¡Manager > LDAP > LDAP Options > LDAP Group-server_name > Authentication 
Options and select Require TLS for Simple Binds with Password (it is selected by default). 
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Target Server Authentication Fails or Unable to 
Browse the eDirectory Tree in the Migration GUI 


Description: If you execute the Migration GUI on a new OES 2015 SP1 server, the target server 
authentication fails or the Services panel is unable to display eDirectory objects on browsing the tree 
or LDAP secure bind fails displaying an empty eDirectory tree. 


The Migration Tool creates a private Java certificate store on first-time authentication to the target 
server. This store is used by Java Security Provider for all the SSL communications. When you 
launch the Migration Tool for the first time, the keystore does not exist, the LDAP bind fails during 
authentication or when performing an eDirectory search. 


Action: The error is resolved on performing the following steps: 
Save the migration project. 

Close the Migration Tool GUI. 

Start the Migration Tool GUI. 


Start the migration project saved in Step 1. 


ao Aà WN PF 


Configure the service. 
eDirectory objects are now available in the service GUI. 


The Authentication Dialog Box is Blank 


Description: When you switch from a desktop or any window to the Source Server Authentication or 
the Target Server Authentication dialog box, the Migration Tool displays a blank authentication dialog 
box. 


This is an issue that occurs randomly. The authentication details are not lost, but you see a blank 
dialog box. 


Action: Close the dialog box and open it again. All the details in the authentication dialog box are 
retained. 
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| | | Server Consolidations 


+ Chapter 8, “Preparing for Server Migration,” on page 55 
+ Chapter 9, “Using the Migration GUI Tool,” on page 57 
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Preparing for Server Migration 


To prepare your source server and target server for migration, complete the tasks in the following 
sections: 

+ “Prerequisites” on page 55 

¢ “Migration Support Matrix” on page 55 


Prerequisites 


+ Ensure that the source server and target server are running with the supported versions of the 
NetWare, or Linux server software. For more information, see “Support Matrix for NetWare and 
OES Services” on page 18. 


+ The target must be running Open Enterprise Server (OES) 2015 SP1 with the following 
components enabled: 


+ NetIQ eDirectory 
+ Novell NCP Server for Linux 
+ Novell Storage Management Services (SMS) 


For more information on installing and configuring OES 2015 SP1, see the OES 2015 SP1: 
Installation Guide. 


Migration Support Matrix 


To migrate a service, you must select the Migrate scenario. Depending on the service, the Migrate 
scenario either migrates or consolidates the service. 


The Table 8-1 explains the behavior of the service on selecting the Migrate scenario. 


+ Overwrites the existing configuration: The service configuration on the target server is 
overwritten with the service configuration from the source server. 


+ Append to existing configuration: The service configuration on the target server is appended 
with the service configuration from the source server. 


Table 8-1 Support Matrix 


Services Migrate Details 


Overwrites the Append to the existing 
existing configuration configuration 


AFP No Yes “Migration Scenarios” on 
page 155 
CIFS CIFS configuration + Shares “Migrate - Same Tree” on 
page 162 
+ Context 
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Services Migrate Details 


Overwrites the Append to the existing 
existing configuration configuration 


DHCP No Yes “Consolidation” on page 182 


FTP Yes No “Migration Scenarios” on 
page 199 
iFolder 3 No + User's ¡Folder “Migration Scenarios” on 
fake a age 212 
+ Sharing information pay 
of iFolder 3.2 
iPrint No Yes “Supported Migration 
Scenarios” on page 220 
NTP No Yes “Migration Scenarios” on 


page 251 
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O Using the Migration GUI Tool 


After you have completed the general prerequisites in Chapter 5, “Planning for Migration,” on page 43 
and prerequisite procedures in Chapter 8, “Preparing for Server Migration,” on page 55, you are 
ready to migrate the source server. To do this, complete the following tasks in the order they are 
listed: 


+ 


+ 


+ 


+ 


+ 


“Launch the Migration Tool Utility” on page 57 

“Create the Project File” on page 58 

“Select the Source Server, Target Server, and Migration Type” on page 59 
“Configure the Services” on page 60 


“Run the Migration” on page 60 


Launch the Migration Tool Utility 


Log in as the root user and use one of the following methods to access the Migration Tool on your 
target server: 


Desktop: Click Computer > More Applications > System > Novell Migration Tools. 


Console: At a terminal prompt, enter 


miggui 
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Figure 9-1 Migration Tool GUI 


a Migration(/var/opt/novell/migration/NewProj140.xml) 


New Project 
Open Project 


Source Server Target Server 


Migrate 


— 
= Save Project 
/ / Transfer ID 
Scheduler 


192.168.1.255 wap-drs26 
<] Email Notification 


D 
> View Logs 


— 7 Service Status Dependencies db Add 
i= f| Project Summary File System Not Configured = 


= Remove 


5 Configure 


Summary 


Sync 


Click Yes to 'Configure' the Service Status Service Information 


pelected: service. Ready Precheck | Migrate E Target System 
9 E File System 
9 E MIGRATE 
Number of files/folders to migrate: O 
Service Elapsed Time (hh:mm:ss) : Number of files/folders migrated: 0 
Data to be migrated: O MB 
Remaining Time (hh:mm:ss) : Migrated data: O MB 
Trustee errors: O 
Total errors: O 
Migration Stan Time: 
Migration End Time: 


Service Start Time (dd-mm-yy hh:mm:ss) : 


Project Start Time (dd-mm-yy hh:mm:ss) : 


Project Elapsed Time (hh:mm:ss) : 


Not Started 


Create the Project File 


1 To create a new migration project, click New Project. Type the path to the project in the Location 
field or browse to the location and click Save. 


The filename can include any character except \*? < >|"/. The project name also serves as the 
project's folder name, so you might want to keep it short. The project folder stores the log files 
and other files associated with the project. 


or 
To open an existing migration project, click Open Project. Browse to the project and click Open. 
For example, /home/Carla/migration/mig. xml 


2 (Conditional) If you want to store the project file in a location other than the default location 
provided, click Browse and navigate to the desired location, then click OK. 


3 Continue with “Select the Source Server, Target Server, and Migration Type” on page 59. 
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Select the Source Server, Target Server, and 
Migration Type 


Specify the credentials to authenticate the source server and target server. 


1 Specify the source credentials and click OK. 


Æ Source Server Authentication 


1192.168.1.255| 


(e.g. 192. 168000000 or Host Name) 
C] Is Cluster Resource 


User Name: jcn=admin,o=novell 


(e.g. ch=admin,o=companyname) 


Password: |eeeeee 


root Password : 


(Required for OES Linux server) 


636 M [v] Use SSL 


a Target Server Authentication 


User Name : |ch=admin,o=novell 


(e.g. cnh=admin,o=companyname) 


Password: |eeeeee 


root Password: eeeeee 


| Use SSL 


(oe) Cancel 


On successful authentication, both the servers change to green. 


3 You must configure a service to enable the Migrate button. Continue with “Configure the 
Services” on page 60. 


4 Click Migrate. 
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Configure the Services 


1 Inthe Services to Migrate panel, click Add and select the services to migrate to target server. 
The Status of the services is Not Configured. 
2 Select the service to configure for migration, then click Configure. 


On successful configuration, the Status of the service changes to Ready. 


IMPORTANT: Before you proceed with migration, ensure that you have met all the prerequisites 
and configured the migration options for all the services that are to be migrated to the target 
server. 


For a list of service migration chapters and their corresponding documentation, see Part VII, 
“Service Migration,” on page 149. 


3 Continue with “Run the Migration” on page 60. 


Run the Migration 


1 Click Migrate to proceed with migration. 
You can view the service-specific status of the migration or the status of the overall migration: 


+ Inthe Status > Service Status tab, you can view the progress of migration. On completion of 
migration, the Status of a service changes to Migrated. 


+ In the Status pane > Service Information tab, you can view the tree view of services 
migrating to the target system. A message Migration completed for all Services is 
displayed on completion of the migration. 


NOTE: If you encounter any errors during migration, click View Logs in the left pane. After 
resolving the errors, execute the migration procedure again. 
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V Transfer ID Migration 


+ Chapter 10, “Preparing for Transfer ID,” on page 63 

+ Chapter 11, “Using the Migration GUI Tool for Transfer ID,” on page 69 
+ Chapter 12, “Using Migration Commands for Transfer ID,” on page 77 
+ Chapter 13, “Running Transfer ID Remotely,” on page 87 

+ Chapter 14, “Post Transfer ID Migration,” on page 89 


+ Chapter 15, “Troubleshooting Issues,” on page 93 
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Preparing for Transfer ID 


To prepare your source server and target server for a Transfer ID project, complete the tasks in the 
following sections: 

+ “Prerequisites” on page 63 

+ “Preparing the Source Server for Migration” on page 64 

+ “Preparing the Target Server for Migration” on page 64 

+ “Preparing Source and Target Server in an Active Directory Environment” on page 65 


Prerequisites 


+ Ensure that the source server and target server are running supported versions of NetWare or 
Linux server software. For more information, see “Support Matrix for NetWare and OES 
Services” on page 18. 


+ To perform transfer id using container admin, the container admin must have supervisory rights 
on the container he/she exists. 


+ The source server and the target server must be in the same eDirectory tree. 

+ The source and target server must be in the same subnet and gateway. 

+ The source server can either be a replica or a non-replica server in the eDirectory tree. 
+ The target server must be a non-replica server in the eDirectory tree. 


To make the target server as a non-replica server, select the Novell Pre-migration Server option 
while installing OES 2015 SP1 on the target server. 


+ Verify the health of eDirectory by executing the ndsrepair command on Open Enterprise Server 
(OES) 2015 with the following three options: 


+ Unattended Full Repair, execute the command: ndsrepair -U 
+ Time Synchronization, execute the command: ndsrepair -T 


The target server must be time synchronized with the source server. Time across all the 
servers in the replica ring should be synchronized. 


For more information on time synchronization, see “Time Services” in the OES 2015 SP1: 
Planning and Implementation Guide. 


NOTE: The ndsrepair command locks the eDirectory database, and this results in failure 
of the Transfer ID migration. You must ensure that all the eDirectory operations are 
complete before performing a Transfer ID migration. 


+ Report Synchronization Status, execute the command: ndsrepair -E 
All the eDirectory replicas are synchronized. 


For more information about DSRepair command, see Using DSRepair in the NetlQ eDirectory 
8.8 SP8 Troubleshooting Guide. 


If any errors are reported, resolve them before attempting migration. 


+ Ensure that the names and properties of the NSS pools and volumes on the target server are the 
same as on the source server. 
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+ 


+ 


Ensure that all the eDirectory replicas are up and working in the current partition; otherwise, 
eDirectory migration cannot be completed successfully. 


Ensure that the hostname and IP address of source server and target server are mapped 
correctly. The /etc/hosts file on the source server must contain correct entries for resolving 
source server's DNS hostname to IP address. 


Preparing the Source Server for Migration 


+ 


Shut down any applications, products, or services (virus scan software, backup software, etc.) 
running on the server to be migrated. 


(Recommended) Back up all the data of the source server, even though the source server data is 
not modified during migration. 


For information on creating a backup of eDirectory, see Backing Up and Restoring eDirectory in 
the NetlQ eDirectory 8.8 SP8 Administration Guide. 


You must back up the data and trustee of the source servers, 


Remove any unnecessary applications, then delete and purge unused files and folders. Files 
that are deleted from the source server prior to migration are not migrated to the target server. 


Ensure the NetWare server has a valid license. If Transfer ID is performed on the NetWare 
server with evaluation license, then it might fail due to insufficient user connections. 


If the source server is supported OES platform, enable the SSH service. Ensure you have copied 
the SSH keys to avoid multiple password prompts on execution of the DIB Copy step. For more 
information, see Step 1a on page 72. 


If the source server is NetWare, ensure to comment the line, “LOAD DSMETER” in the 
SYS: \SYSTEM\autoexec .ncf file and restart the NetWare server before performing Transfer ID. 


Ensure that the /root/.ssh/known_hosts file contains the entries of both the hostname and its 
corresponding IP address. 


On successful Transfer ID, the identity of the source server is transferred to the target server 
container. 


Preparing the Target Server for Migration 


+ 


Make sure that the Novell Pre-migration Server option is selected for the target server. 


When you install OES 2015 SP1 on the target server for a Transfer ID migration and you reach 
the Software Selection window, you must select the Novell Pre-migration Server option. This 
prepares eDirectory for the Transfer ID migration that you will perform later. 
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Figure 10-1 Novell Pre-migration Server 
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IMPORTANT: Select the Novell Pre-migration Server option at the start of OES 2015 SP1 
installation; otherwise, an eDirectory replica is installed on the server and it cannot be the target 
server for Transfer ID migration. If the target server already has OES 2015 SP1 installed, without 
the Novell Pre-migration Server option selected, then selecting this option later does not 
prepare the target server for Transfer ID migration until you reinstall OES 2015 SP1 and select 
this option. 


¢ Install the services that you need to migrate from the source server. 


If a service is not installed on the target server, it is not listed in the Migration Tool GUI screen for 
migration. This is a mandatory requirement. 


+ Back up the eDirectory information on the target server. For information on creating a backup of 
eDirectory, see Backing Up and Restoring eDirectory in the NetIQ eDirectory 8.8 SP8 
Administration Guide. 


+ Ifthe source server is a VLDB replica, then the target server also must be a VLDB replica. 


NOTE: Each DFS management context allows maximum of two VLDB replicas. If your setup has 
a source server and a non-target server as a VLDB replica, then you must ensure to remove the 
non-target server as VLDB replica and make the target server as a new VLDB replica. 


Preparing Source and Target Server in an Active 
Directory Environment 


In addition to the Transfer ID prerequisites, ensure to meet these specific prerequisites in an Active 
Directory environment. 


Table 10-1 Transfer ID Support Matrix in Active Directory Scenario 


Source Server Target Server Source Platform Target Platform Migration Support 
Support Support 
NSS AD configured NSS AD OES 2015 or later OES 2015 SP1 Supported 
configured 
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Source Server Target Server Source Platform Target Platform Migration Support 
Support Support 


NSS AD configured Only eDirectory OES 2015 or later OES 2015 SP1 Not Supported 


You can leave the AD 
domain and perform 
Transfer ID. Post-Transfer 
ID rejoin the domain. 


Only eDirectory NSS AD Supported OES OES 2015 SP1 Not Supported 


configured platform 
You can leave the AD 


domain and perform 
Transfer ID. Post-Transfer 
ID rejoin the domain. 


Source Server and Target Server are Configured With NSS 
AD 


+ The source server must be configured with OES 2015 or later. 
+ The target server must be configured with OES 2015 SP1. 


+ The source server and target server must join to the same Active Directory domain. For more 
information on joining to an Active Directory domain, see Installing and Configuring NSS AD 
Support in the OES 2015 SP1: NSS AD Administration Guide. 


During the eDirectory Precheck step, the source server’s files /etc/krb5.conf, /etc/krb5. keytab, 
/etc/resolv.conf, and /etc/opt/novell/nit/nitd.conf are copied to the target server. In the 
Repair step, the target server’s krb5.conf, krb5.keytab, resolv.conf files are replaced with the 
backed up source server files. The target server’s nitd.conf file is merged with the backed up 
source server’s nitd.conf file. 


On successful Transfer ID, the target server will leave the Active Directory domain and the source 
server computer domain object will be used. 


Source Server is Configured with NSS AD and Target Server 
is not in an AD environment 


+ The source server must be configured with OES 2015 or later. 
+ The source server must leave the AD domain. For more information, see --leave-domain in the 
OES 2015 SP1: NSS AD Administration Guide. 


Post-Transfer ID, you must join the target server to the AD domain. For more information, see 
Installing and Configuring NSS Active Directory Support in the OES 2015 SP1: Installation Guide or - 
-join in the OES 2015 SP1: NSS AD Administration Guide. 


Source Server is not in an AD environment and Target 
Server is Configured with NSS AD 


+ The target server must be configured with OES 2015 SP1. 


+ The target server must leave the AD domain. For more information, see --leave-domain in the 
OES 2015 SP1: NSS AD Administration Guide. 


Preparing for Transfer ID 


Post-Transfer ID, you must join the target server to the AD domain. For more information, see 
Installing and Configuring NSS Active Directory Support in the OES 2015 SP1: Installation Guide or - 
-join in the OES 2015 SP1: NSS AD Administration Guide. 
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Using the Migration GUI Tool for 
Transfer ID 


After you have completed the prerequisite procedures in Chapter 10, “Preparing for Transfer ID,” on 
page 63, you are ready to migrate the source server. To do this, complete the following tasks in the 
order they are listed: 

+ “Understanding Transfer ID GUI” on page 69 

¢ “Launch the Migration Tool Utility” on page 70 

+ “Create the Project File” on page 71 

+ “Select the Source and Target Server and the Migration Type” on page 71 

¢ “Configure the Services and Run Migration” on page 71 


+ “Run Transfer ID” on page 72 


Understanding Transfer ID GUI 


The Transfer ID GUI runs a series of tasks for transferring the server identity of the source server to 
the target server. The identity of the server is made up of its IP address, hostname and the eDirectory 
DIB information from the source server. 


On successful completion of the Transfer ID migration, the target server functions with the identity of 
the source server and source server goes offline 


The interface is divided into a left pane and right pane, and each task is associated with an icon that 
represents the status of the task. 


+ “Left Pane” on page 69 
+ “Right Pane” on page 70 


Left Pane 


The left pane lists a series of tasks to be completed for successful completion of Transfer ID. Each 
task is associated with an icon. 
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Table 11-1 Status Icons 


Icon Description 

© The task is not yet started. 

E The task is in progress. 

Gi The task is complete. 

o Errors must be resolved before proceeding with the next step. An error is displayed in the 
Errors text box. 

o You can choose to skip this task in the GUI and perform it manually. 


Right Pane 


+ Task Description: A description of the task in progress. The Command Executed field displays 
the command executed to perform the task. 


¢ Errors: A description of the error or warnings and a possible resolution. If no resolution is 
provided, you can find more information in the Novell Error Code online documentation (http:// 
www.novell.com/documentation/lg/nwec/index.htm)). 


+ Log Messages: Log messages for each executed tasks and the overall Transfer ID. 


+ Send E-mail Notification: Select this option to receive an e-mail for a main task. An e-mail is 
sent only if you have already configured the Email Notification tab in the main Migration GUI 
screen. E-mail is not sent for suggests. 


+ Ignore: Ignores a task and proceeds with the next task. 


+ Back: Click Back to re-execute a task. 


IMPORTANT: When the current task is executed, the changes are committed, using Back ona 
completed task does not roll back the changes. 


+ Next: Click Next to complete the current task and move to the next task. 


+ Cancel: Click Cancel to close the Transfer ID Wizard and quit the task. 


IMPORTANT: The Transfer ID process is canceled, but changes or steps executed earlier are 
not rolled back. 


Launch the Migration Tool Utility 


Log in as the root user and use one of the following methods to access the Migration Tool on your 
target server: 


Desktop: Click Computer > More Applications > System > Novell Migration Tool. 
Console: At a terminal prompt, enter 


miggui 
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Create the Project File 


1 To create a new migration project, click New Project. Type the path to the project in the Location 
field or browse to the location, then click Save. 


The filename can include any characters except \* ? < >|"/. The project name also serves as 
the project's folder name, so you might want to keep it short. The project folder stores the log 
files and other files associated with the project. 


or 
To open an existing migration project, click Open Project. Browse to the project and click Open. 
For example, /home/Carla/migration/mig. xml 


2 (Conditional) If you want to store the project file in a location other than the default location 
provided, click Browse and navigate to the desired location, and then click OK. 


Select the Source and Target Server and the Migration 
Type 
Specify the credentials to authenticate the source server and target server. 


1 Specify the source credentials, then click OK. 

If the Is Cluster Resource option is selected, Transfer ID scenario is not available. 
2 Specify the target server credentials, then click OK. 

On successful authentication, both the servers change to green. 


3 You can either migrate all the services to the target server and then transfer the NetWare or OES 
server's identity, or only transfer NetWare or OES server's identity to the target server. 


3a To migrate services, continue with “Configure the Services and Run Migration” on page 71. 
3b To transfer the NetWare or OES server's identity, click the Transfer ID button. 
3b1 Click Yes to perform identity transfer without migrating the services. 


3b2 Click No to configure and migrate services, refer to “Configure the Services and Run 
Migration” on page 71. 


Configure the Services and Run Migration 


1 Inthe Services to Migrate panel, click Add and select the services to migrate to target server. 
The Status of the services is Not Configured. 
2 To configure a service for migration, click Configure. 


On successful configuration the Status of the service changes to Ready. 


NOTE: Before you proceed with migration, ensure that you have met all the prerequisites and 
configured the migration options for all the services that are to be migrated to the target server. 


For a list of service migration chapters and their corresponding documentation, see the Part VII, 
“Service Migration,” on page 149. 


3 Click Migrate to proceed with migration. 


The Status pane displays service-specific migration progress. On completion of migration, the 
Status of a service changes to Migrated. 
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If you encounter any errors during migration, click View Logs in the left pane. After resolving the 
errors, execute the migration procedure again. 


In the Status pane, Service Information, you can view the progress of overall migration. A 
message Migration completed for all Services is displayed on completion of migration. 


4 (Optional) We recommend you to complete synchronization of the services before proceeding 
for Transfer ID. 


5 (Optional) Back up the eDirectory database and NICI keys. For more information, see “Backup 
eDirectory Database and NICI Keys” on page 85. 


6 Check the status of the migration. If migration is successful, then perform Transfer ID either by 
using GUI or CLI. 


+ To launch the Transfer ID GUI, click Transfer ID. For more information on performing the 
steps in the GUI, see “Run Transfer ID” on page 72. 


+ To use the command line, see Chapter 12, “Using Migration Commands for Transfer ID,” on 
page 77. 


Run Transfer ID 


Ensure that you have completed the following: 


+ All the services you need to migrate must be configured on the target server. 


+ Ensure that all eDirectory processes (such as eDirectory repair) are completed before 
performing the Transfer ID scenario. The Transfer ID process locks the DIB (eDirectory 
database) on the source server and no operations can be performed. 


+ Back up the eDirectory database. For more information, see “Backup eDirectory Database and 
NICI Keys” on page 85. 


IMPORTANT: Some of the steps for Transfer ID need to be performed manually. The GUI displays 
messages to ensure that you have completed the manual step. When the manual steps are 
completed, click OK to proceed to the next step. If you skip the manual steps, errors are encountered 
in the subsequent steps. 


The Transfer ID GUI displays tasks you perform to complete the identity transfer. 


1 eDirectory Precheck: Click Next. 


The eDirectory Precheck step can be executed multiple times to verify the health of the 
eDirectory tree. Executing this step does not modify the source server and target server. 


On successful completion of this step, the icon adjacent eDirectory Precheck changes to a green 
check mark. 


1a (Conditional) If the source server is supported version of OES, ensure that you have copied 
the SSH keys to avoid multiple password prompts on execution of this step. 


la1 Enable SSH on the source server and the target server. 
la2 Enter the + ssh-keygen -t rsa command on the target server. 


1a3 When you are prompted to enter the file in which to save the key (/root/.ssh/ 
id_rsa), press Enter. 


The ssh keys are stored in the default location. 


1a4 When you are prompted to enter the passphrase (empty for no passphrase), press 
Enter. 


We recommend that you do not include the passphrase. 
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1a5 Copy the key value (the output of the + ssh-keygen -t rsa command) to the source 
server. 


# scp ~/.ssh/id_rsa.pub root@<source-server>:/root/ 
where <source-server> is the IP address or the hostname of the source server. 


1a6 Log on to source server by using ssh. Ifthe .ssh directory is not available, create the 
directory, then append the key value to the list of authenticated keys. 


cat id_rsa.pub >> /root/.ssh/authorized_keys 
2 Preparation: Click Next. 


The Preparation step removes eDirectory from the target server. The LUM association with the 
groups and users is no longer available because the Unix Workstation object is also removed. 


This step fails to execute if the prerequisites are not met. 


Source Server and Target server in Active Directory environment: If the source server and 
target server are in Active Directory environment, additional Domain Authentication screen is 
displayed. You must specify the credentials to authenticate to the Active Directory server. 


+ Domain Name: Specify the Active Directory domain name that the OES server is joined to. 


+ Administrator Name: Specify the user name that can be used for the domain join 
operation. This user should have the following privileges: rights to reset password, create 
computer objects, delete computer objects, and read and write the msDs - 
supportedEncryptionTypes attribute. 


+ Password: Specify the password of the user who is used for the domain join operation. 


+ Port: Specify the port number for the SSL connection on the Active Directory server. By 
default, port 636 is used for the SSL connection and port 389 for the non-SSL connection. 


+ Use SSL: Select this option to perform Transfer ID by using the SSL connection. 
3 DIB Copy: Click Next. 


The DIB Copy creates a eDirectory DIB (Directory Information Base) copy of the source server 
on to the target server. 


On completion of this step, the source server's DIB is locked and further operations are not 
permitted on the source server. The eDirectory database and the NICI files are copied to the 
target server. 


IMPORTANT: This command fails to execute if the replica ring is not in sync, or the time is not 
synchronized among all the servers in the replica ring. 


The eDirectory database on the source server is locked. The eDirectory database and the NICI 
files are copied to the target server. 


4 Shutdown Source: Click Next to manually shut down the source server and disconnect it from 
the network. 


4a You are prompted to confirm that the source server is shut down. Click OK and proceed with 
the next step, or click Cancel and shutdown the source server. 


5 DIB Restore: Click Next to restore the eDirectory database that was backed up from the source 
server in Step 3 on page 73 on the target server. This includes the NICI keys and the eDirectory 
related information. 


WARNING: If the backup in Step 3 on page 73 was not successful, the DIB Restore step fails. A 
failure at this point might cause the target eDirectory server to be unusable. 


6 IP Change: Click Next to change the IP address of the services and their configuration files on 
the target server to the source server IP address. 
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IMPORTANT: Failure of the script to change the IP address, or terminating the operation 
manually, might cause the system to hang. For more details, refer to Chapter 15, 
“Troubleshooting Issues,” on page 93. 


If you are executing the Migration GUI by using a remote session, the Transfer ID wizard hangs 
and fails to proceed. For more information, refer Chapter 13, “Running Transfer ID Remotely,” on 
page 87. 


+ System: The target server IP address is overwritten with the source server IP address. 


+ Services: The configuration files of the migrated services are assigned with the new IP 
address of the target server. 


+ Others: The IP address change scripts located in the nonplugin folder is executed. 
Executes the IP address change scripts for the services that are not included in the plug-ins 
of the Migration Tool GUI. The IP address change scripts are located in the /opt/novell/ 
migration/sbin/serveridswap/scripts/ipchange/nonplugin/ folder. If you need to 
change the IP address of any additional services, you must add the scripts to the 
nonplugin folder. 


No e-mail is sent in this step, even if you have selected the settings to receive an e-mail. 


7 Hostname Change: Click Next to change the hostname of the system, services and their 
configuration files to the source server hostname. 


IMPORTANT: Failure of the script to change the hostname or terminating the operation 
manually, may cause the system to hang. For more details, refer to Chapter 15, “Troubleshooting 
Issues,” on page 93. 


+ System: The target server hostname is overwritten with the source server hostname. 


+ Services: The configuration files of the migrated services are assigned with the new 
hostname of the target server. 


+ Others: Executes the hostname change scripts for the services that are not included in the 
plug-ins of the Migration Tool GUI. The hostname change scripts are located in the /opt/ 
novell/migration/sbin/serveridswap/scripts/hostchange/nonplugin/ folder. If you 
need to change the hostname of any additional services, you need to add the scripts in the 
nonplugin folder. 


In this step, the Transfer ID wizard runs the hostname change scripts located in the 
nonplugin folder. 


NOTE: No e-mail is sent in this step, even if you have selected the settings to receive an e- 
mail. 


8 Reinitialize Server: Click Next to reinitialize the target server with the IP address and hostname 
of the source server. eDirectory is also restarted. 


9 Repair: Click Next displays an option to perform either of the following eDirectory repair: 
+ Unattended full repair of eDirectory (existing option in earlier OES releases) 
+ Local eDirectory database and network repair 


The ndsrepair command is used to perform eDirectory repair. Service-specific repairs only run 
for services that were migrated using the current project. 


¢ eDirectory: Checks if eDirectory is up and running on the target server. It also runs a repair 
on the eDirectory tree. 


+ Certificates: Repairs the target server certificate and the trusted root certificate. 
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+ LUM: The following steps are performed during LUM repair: 
+ Creates a Unix Workstation object. 
+ Regenerates the certificate for LUM on the target server. 
+ Associates LUM groups and users to the target servers's Unix Workstation object. 
+ Refreshes the LUM cache. 


+ Services: Repairs the services that are migrated to the target server. If no services are 
configured for migration, then the Migration Tool skips this step and icon adjacent to 
Services changes to a green check mark. 


+ Others: Executes the repair scripts for the services that are not included in the plug-ins of 
the Migration Tool GUI. The scripts are located in the /opt/novell/migration/sbin/ 
serveridswap/scripts/repair/nonplugin/ folder. If you need to repair any additional 
services, you must add the scripts to the nonplugin folder. 


In this step, Transfer ID wizard runs the scripts located in nonplugin folder. 


+ CleanUp: Lists all the stale objects available on the temporary server. You can select the 
stale objects that needs to be deleted from the target server. Click OK to delete the selected 
objects. 


10 Restart Server: Manually restart your target server for completion of Transfer ID. 
The target server now runs with the source server identity. 


Continue with Section 14, “Post Transfer ID Migration,” on page 89. 
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Using Migration Commands for Transfer 
ID 


Before running Transfer ID, ensure you have met all the prerequisites and prepared your servers as 
described in “Preparing the Source Server for Migration” on page 44 and “Preparing the Target 
Server for Migration” on page 44. 


Before you begin, remember the following considerations: 


+ All the services you need must be migrated to the target server. 
+ When you start the Transfer ID process, you cannot perform any operations on the source server 
because the process locks the DIB (eDirectory database) on the source server. 
Run all the commands on the target server, to perform Transfer ID: 


1 eDirectory Precheck: Executes prerequisites that need to be done for Transfer ID scenario. 
la Use the following command to do an eDirectory precheck: 
migedir -s <sourceipaddress> -u -A <projectpath> -i -t 


For example, /opt/novell/migration/sbin/migedir -s 172.16.100.101 -u -A / 
var/opt/novell/migration/NewProj® -i -t 


When prompted, enter the username and password of the source server. 


This step can be executed multiple times to verify the health of the eDirectory tree. 
Execution of this step does not modify the source server and target server. 


1b Check the availability of the hostname and IP address on the source server. The hostname 
or IP address can be resolved using the DNS server or using the /etc/hosts file on the 
source server (OES Linux) or SYS:etc\hosts file on the NetWare server. 


1c The nam. conf file on the target server includes LUM settings that will be required later while 
performing the repair steps for migration. Create a backup of /etc/nam. conf file on the 
target server by executing the command: cp /etc/nam.conf <Project_path>/ 
nam.conf.target. 


For example: cp /etc/nam.conf /var/opt/novel1/migration/NewProj0/ 
nam.conf.target 


1d If the source server is OES, create a backup of the /etc/nam. conf file of the source server. 


1e (Conditional) In an Active Directory environment, copy the following files from the source 
server to the migration project location on the target server. For example, /var/opt/ 
novell/migration/NewProj0/. 


+ /etc/krb5.conf 

+ /etc/krb5.keytab 

+ /etc/resolv.conf 

+ /etc/opt/novell/nit/nitd.conf 
1 


> 


Retrieve and store the list of LUM enabled groups: 
(Conditional) If the source server is NetWare, enter 
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ruby /opt/novell/migration/sbin/serveridswap/scripts/repair/nam-grpmod.rb 
-H <target server short hostname> -a <admindn> -S <ldap-server-ip> --ldap- 
port <port number> -p <password> -1 


The above commands displays the list of groups that are LUM-enabled on the target server. 
These same groups must be LUM-enabled on completion of Transfer ID. 


1g Ifthe source server is OES, ensure that ssh keys to avoid multiple prompts for password on 
execution of this step. 


To copy the ssh keys: 
1. Enable ssh on the source server and target server. 
2. Enter the command on the target server, + ssh-keygen -t rsa 
On executing the above command, you are prompted for the following: 
a. “Enter file in which to save the key (/root/.ssh/id_rsa)”, press Enter. 
The ssh keys are stored in the default location. 
b. “Enter passphrase (empty for no passphrase)”, press Enter. 
We recommend you not to include passphrase. 
3. Copy the key value i.e. the output of the above command to the source server 
# scp ~/.ssh/id_rsa.pub root@<source-server>:/tmp 
4. Log to source server using ssh and add the key value to the list of authenticated keys. 
cat /tmp/id_rsa.pub >> /root/.ssh/authorized_keys 


ih If the source server is OES, ensure to copy the .nss. dat file to the target server. This file 
stores the nss user context information of the source server and is required when we repair 
the NSS admin object. 


Enter the command on the target server, 
scp <Source-IP>:/var/opt/novell/nss/.nss.dat /tmp/ 


2 Preparation: Removes the eDirectory from the target server. The LUM association with the 
groups and users is no longer available because the Unix Workstation object is also removed. In 
an AD environment the source server leaves the AD domain. 


2a (Conditional) In an Active Directory environment, execute the following command: 
2a1 /opt/novell/xad/bin/kinit Administrator@<ad domain name> 


This command prompts for the administrator password. 


IMPORTANT: Executing kinit is necessary to obtain and cache Kerberos ticket- 
granting ticket. It is mandatory to obtain the ticket before performing any AD domain 
related operations. 


2a2 The target server must leave the AD domain, execute the following command: 
/opt/novell/bin/novell-ad-util --leave-domain 


For more information, see --leave-domain in the OES 2015 SP1: NSS AD 
Administration Guide. 


2b To remove the Unix Workstation object on the target server, enter 
/usr/bin/namconfig rm -a <admindn> 


In the above command for SSL connection, you must use -l| option and specify default port 
number as 636. 


2c To remove eDirectory from the target server, enter 
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/opt/novell/eDirectory/bin/ndsconfig rm -c -a <admindn.novell> -w 
ADM_PASSWD --config-file /etc/opt/novell/eDirectory/conf/nds.conf 


Use dot format when passing values for -a option. For example, -a admin.novell 


2d To verify the health of the eDirectory and to ensure that both the source server and target 
server are time-synchronized, enter 


migedir -s <sourceipaddress> -u -A <projectpath> -i -t 


For example, /opt/novell/migration/sbin/migedir -s 172.16.100.101 -u -A / 
var/opt/novell/migration/NewProjO -i -t 


When prompted, enter the username and password of the source server. 
2e To perform common proxy migration, see “Pre-Migration Procedure” on page 258. 


3 DIB Copy: Creates a backup of the eDirectory DIB (Directory Information Base) of the source 
server on to the target server. This step locks the DIB of the source server and further operations 
are not permitted on the source server. 
migedir -s <source-server-ip> - u -A <logfile directory> -i -B 
For example, /opt/novell/migration/sbin/migedir -s 172.16.100.101 -u -A /var/ 
opt/novell/migration/NewProj0O -i -B 


On running the above command, you are prompted for the username and password of the 
source server. Enter the admin credentials when prompted. 


IMPORTANT: This command fails to execute if the replica ring is not in sync, or the time is not 
synchronized between all the servers in the replica ring. 


NOTE: If you need to perform any operations on the source server, you must unlock the DIB. To 
unlock the DIB on the NetWare server, reload the DS.n1m file and on the OES server, restart 
ndsd daemon. 


4 Shutdown Source: You need to shutdown the source server. 


5 DIB Restore: Restores the eDirectory database that was backed up from the source server in 
Step 3 on the target server. This includes the NICI keys and the DIB identity. 


IMPORTANT: Ensure to backup the target eDirectory database and NICI keys, see “Backup 
eDirectory Database and NICI Keys” on page 85 for more information. 


5a At the command prompt of the target server, enter 
migedir -R 
For example, /opt/novell/migration/sbin/migedir -R 


On running the above command, you will be prompted for the administrator credentials for 
the source server. 


WARNING: If the backup in Step 3 on page 79 was not successful, the DIB Restore step 
fails. A failure at this point may cause the eDirectory service on the target server to be 
unusable. 


6 IP Address Change: The IP address of the target server and its services is changed to the 
source server IP address. 
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The scripts to be executed in this step are located in the /opt/novell/migration/sbin/ 
serveridswap/scripts/ipchange and /opt/novell/migration/sbin/serveridswap/ 
scripts/ipchange/nonplugin folders. 


+ 


To change the IP address of the server in the /opt/novell/migration/sbin/ 
serveridswap/scripts/ipchange folder, enter 


ruby server-yast-ipchange.rb --old-ip <target_server IP> --ip 
<source_serverIP> 


For example, ruby server-yast-ipchange.rb --old-ip 172.16.200.201 --ip 
172.16.100.101 


The ipchange folder contains a list of scripts that need to be executed for changing the IP 
address. An example to change the IP address of the services on the target server by using 
the iprintipchange.sh script in the /opt/novell/migration/sbin/serveridswap/ 
scripts/ipchange/nonplugin folder, enter 


<server -script> <target_server IP> <source_server IP> <source_server IP> 
<source_server IP> 


For example, iprintipchange.sh 172.16.200.201 172.16.100.101 172.16.100.101 
172.16.100.101 


You also need to run the remaining scripts for other services in the same manner. 


WARNING: Failure of the script to change the IP address or terminating the operation 
manually, may cause the system to hang. If a service-specific IP address script fails to 
change the IP address, replace the <service>.conf file with <service>.orig file. 


For example, if eDirectory authentication fails on completion of IP Change step, do the 
following: 


cp /etc/opt/novell/eDirectory/conf/nds.conf.orig /etc/opt/novell/ 
eDirectory/conf/nds.conf 


To change the IP address for the configuration files of each service on the target server 
enter the following in the /opt/novell/migration/sbin/serveridswap/scripts/ 
ipchange/nonplugin folder: 


ipchange.sh <oldip> <newip> <oldremoteip> <newremoteip> yes 


Here, oldip is the IP address of the existing server and newip is the new IP address 
assigned to the server. The oldremoteip is the remote IP address that you used when 
installing the existing server into the eDirectory tree. If the remote IP address is not changed 
then, oldremoteip and newremoteip can be same. 


Example 12-1 For example, ipchange.sh 172.16.200.201 172.16.100.101 172.16.200.200 
172.16.200.200 yes 


If you want to execute any additional scripts copy them to the /ipchange/nonplugin folder 
in the same pattern as the existing scripts. 


7 Host Name Change: Hostname of the services is changed to source server hostname. 


7a To change the hostname of the server and the services go to /opt/novell/migration/ 


7b 


sbin/serveridswap/scripts/hostchange folder, enter 
<hostname-script> <targethostname> <sourcehostname> 


For example, server -hostname-change.sh aus-market201.marketing.com aus- 
market101.marketing.com 


On the console, enter 


hostname <sourceserve r_name> 
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The above command changes the hostname of the server, when you relogin. 


If you want to execute any additional scripts copy them to the nonplugin folder in the same 
pattern as the existing scripts. 


For example, ./iprinthostchange.sh oldhostname newhostname oldmasterhostname 
newmasterhostname 


where oldhostname is the old server host name and newhostname is the new server host 
name. The master hostname is the hostname of the master server in the eDirectory tree. 
The oldmasterhostname and newmasterhostname can be the same if the master hostname 
is not changed on performing Transfer ID migration. 


WARNING: Failure of the script to change the hostname or terminating the operation 
manually, may cause the system to hang. If a service specific hostname script fails to 
change the hostname, replace the <service>.conf with <service>.orig file. 


For example, if iPrint authentication fails on completion of Hostname Change step, do the 
following: 


cp /etc/opt/novell/iprint/httpd/conf/iprint_ssl.orig /etc/opt/novell/ 
iprint/httpd/conf/iprint_ssl.conf 
8 Reinitialize Server: Reinitialize the target server with the IP address and hostname of the 
source server. In this step, eDirectory is also restarted. 

¢ To re initialize the server, enter 
/etc/init.d/network restart 

+ To restart eDirectory, enter 
/etc/init.d/ndsd restart for restarting nds 


Next, you need to repair eDirectory, certificates for the server, LUM, and other OES services on 
the target server. 


9 Repair: Performs repair of eDirectory, certificates, LUM, and services on the target server. The 
ndsrepair command is used to perform eDirectory repair. The service-specific repairs run only 
for services that were migrated using the current project. 


9a eDirectory: You can either perform “Unattended full repair of eDirectory” or “Local 
eDirectory database and network repair” 


9a1 To perform unattended full repair of eDirectory, enter 
/opt/novell/eDirectory/bin/ndsrepair -U 
or 

9a2 To perform local eDirectory database and network repair 
/opt/novell/eDirectory/bin/ndsrepair -N 
/opt/novell/eDirectory/bin/ndsrepair -R 

9a3 To restart eDirectory, enter 
/etc/init.d/ndsd restart 

Ensure to fix all errors before proceeding with the next step. 

9b Repair Certificates: To create the SAS object, enter 


/opt/novell/eDirectory/bin/ndsconfig add -m sas -a <admin dn> --config-file 
/etc/opt/novell/eDirectory/conf/nds.conf 


9b1 To regenerate the certificate on the target server, enter 


/opt/novell/oes-install/util/getSSCert -a <new_ip_address> -t 
<treename> -u <admindn dot format> - x <password> 


Using Migration Commands for Transfer ID 81 


82 


9b2 


9b3 


9b4 


For example, /opt/novell/oes-install/util/getSSCert -a 172.16.100.101 -t 
TESTTREE -u cn=admin.o=novell -x novell 


The regenerated SSCert . der certificate is stored at /etc/opt/novell/certs location. 
To convert the certificate to the pem format, enter 


openssl x509 -inform der -in /etc/opt/novell/certs/SSCert.der -outform 
pem -out /etc/opt/novell/certs/SSCert.pem 


To verify the health of eDirectory, enter 


ndscheck -h <new_ip_address> -a <admindn dot format> -w <adminpass> -F 
<Project_path> 


For example, ndscheck -h 172.16.100.101 -a cn=admin.o=novell -w novell - 
F /var/opt/novell/migration/Newproject1/ndscheck.log 


You must resolve all errors before proceeding to the next step. It is recommended to 
backup the nam.conf file before proceeding with the next step. 


(Conditional) To remove the existing nam.conf, enter 


rm /etc/nam. conf 


9c LUM: Create or modify the existing Unix Workstation object: 


+ 


9c1 


If the source server is NetWare, a new Unix Workstation object is created. Enter the 
following command: 


ruby /opt/novell/migration/sbin/serveridswap/scripts/repair/nam- 
reconf.rb -a <admindn comma format> -p <admin password> -S <ldap- 
server-ip> --ldap-port <port number> -u <Unix_config_object-dn> 


where Unix_config_object-dn is the value of the base-name parameter in the nam.conf 
file. A backup of the file was created in Step 1c. 


Idap-server-ip is the value of the preferred-server parameter in the nam. conf . target 
file. 


NOTE: If the value of the preferred-server parameter is the same as the IP address of 
the target server, then the value of the /dap-server-ip must be the same as the IP 
address of either the source server or the appropriate LDAP server. 


If the source server is OES, the Unix workstation object is retained. To modify the Unix 
workstation object, enter the following command: 


ruby /opt/novell/migration/sbin/serveridswap/scripts/repair/nam- 
reconf.rb -a <admindn comma format> -p <admin password> -S <ldap- 
server-ip> --ldap-port <port number> -u <Unix_config_object-dn> 


where Unix_config_object-dn is the value of the base-name parameter in the nam.conf 
file. A backup of the file was created in Step 1d. 


Idap-server-ip is the value of the preferred-server parameter in the nam. conf . target 
file. 


For example, ruby /opt/novell/migration/sbin/serveridswap/scripts/ 
repair/nam-reconf.rb -a cn=admin,o=novell -p novell -S 172.16.200.201 - 
-1dap-port 636 -u "o=novell" 


To copy the certificate for LUM operations, enter 


cp /etc/opt/novell/certs/SSCert.der /var/lib/novell-1lum/ 
.<new_ip_address>.der 


For example, cp /etc/opt/novell/certs/SSCert.der /var/lib/novell-1lum/ 
.172.16.100.101.der 
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9c2 (Conditional) If the source server is NetWare, run the command to modify the users 
and groups listed in Step 1f on page 77: 


ruby /opt/novell/migration/sbin/serveridswap/scripts/repair/nam- 
grpmod.rb -H <source short hostname> -a <admin dn> -S <ldap-server-ip> 
--ldap-port <port number> -p <password> --grp <group FDN> -I <LUM enabled 
user and groups> [--check] 


Idap-server-ip is the value of the preferred-server parameter in the nam.conf.target 


file. 

Parameters Description 

-H Specify the hostname of the source server 

-a Specify the administrator's name in LDAP format 

-S Specify the IP address of the preferred LDAP eDirectory server. 

--Idap-port Specify the port for LDAP server to listen on. 

-p Specify the administrator’s password. 

--grp Specify the group to be modified. 

-l Specify the list of LUM enabled user and groups in fully distinguished format. 
--check Verify LUM enabled users and groups 


When prompted, enter the password for the administrator. 


9c3 (Conditional) If the source server is OES, modify the users and groups by entering the 
following command: 


ruby /opt/novell/migration/sbin/serveridswap/scripts/repair/nam-fix.rb 
-H <new_server short hostname> -a <admindn_comma_format> -p <password> 
-S <ldap-server-ip> --ldap-port <port number> 


For example, ruby /opt/novell/migration/sbin/serveridswap/scripts/repair/nam-fix.rb -H 
mark-nov101 -a cn=admin,o=novell -p novell -S 172.16.100.101 --Idap-port 636 


9c4 Refresh LUM Cache, run /usr/bin/namconfig cache_refresh to rebuild LUM 
cache. 


9c5 (Conditional) If the source server is OES linux server, enter 

chown -R wwwrun:www /var/opt/novell/nici/30 

You must change the ownership, so that you can login to iManager post-Transfer ID. 
To repair pool and volume objects, enter 


/opt/novell/migration/sbin/serveridswap/scripts/repair/volrepair.rb -a 
<admindn_comma_format> -p <password> -f <project_path>/fs 


For example, /opt/novell/migration/sbin/serveridswap/scripts/repair/volrepair.rb -a 
cn=admin,o=novell -p novell -f /var/opt/novell/migration/NewProj1/fs 


Services: The scripts are executed for the services that are migrated before performing 
Tansfer ID. 


+ To repair iPrint service, enter 


/opt/novell/migration/sbin/serveridswap/scripts/repair/iprintrepair.sh 
-s <new IP> -u <admindn comma format> -T <source type {-L|-N}> -p <ssl 
port> -S 
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For example, /opt/novell...iprintrepair.sh -s 172.16.100.101 - u cn=admin,o=novell -T -L 
-p 636 -S 


Specify -S option only when LDAP server is configured for SSL. And do specify SSL 
port only if its configured. 


+ To repair CIFS service, enter 


sh /opt/novell/migration/sbin/migcifs.sh -s <new IP> -p <ssl port> -a 
<admindn_ldap_format> {-f 1 <if ssl> | -f © <non-ssl>} -t <tree name> - 
d <target server IP> -q <port> -b <admin name> {-g 1 <if ssl> | -g 0 
<non-ssl>} -m <project_path>/cifs/cifsSourceShares.tmp -S 3 -r 


9f Others: Execute the repair scripts for the services that are not included in the plug-ins of 
the Migration Tool. 


+ NSS Admin Object: To repair the NSS admin object, execute the following on the 
target server depending on the source server (NetWare or OES): 


/opt/novell/migration/sbin/serveridswap/scripts/repair/nss- 
adminrepair.sh -a <admindn dot format> -p <admin password> -s <source 
server [OES/NW]> -o <nssadmin object name with server context> 


where -a, -p, -S are mandatory parameters. If the source server is NetWare (NW), the - 
o option is required to create a new NSS admin object. 


For example: nss-adminrepair.sh -a admin.sales.novell -p test -s NW -o 
nssAdminUser.sales.novell 


+ Common Proxy: 


+ If the source is Netware, to repair common proxy on the target OES 2015 SP1 
server, execute the following: 


/opt/novell/proxymgmt/bin/mignwproxy.sh -d <LDAP Admin FDN> -w 
<LDAP Admin Password> -i <LDAP-Server-IP-Address> -p <LDAP Secure 
Port> 


+ Ifthe source is Linux, to perform common proxy migration on the target OES 
2015 SP1 server, see “Post-Migration Procedure” on page 259. 


+ Active Directory: 


1. Overwrite the target server's files /etc/krb5.conf, /etc/krb5.keytab, and / 
etc/resolv.conf with source server files copied in Step 1e. 


2. Merge the contents of the target server’s file /etc/opt/novell/nit/nitd.conf 
with the source server file nitd.conf copied in Step 1e. 


3. Execute the following command: 
rcnovell-nit restart 
4. Execute the following command: 
/opt/novell/xad/bin/kinit -E Administrator@<ad domain name> 
+ NetStorage: To repair NetStorage, enter the following commands: 
/opt/novell/xtier/bin/xsrvcfg -D 
/opt/novell/xtier/bin/xsrvcfg -d <ipaddress> -c <context> 


where context is the value of the attribute CONFIG _XTIER_-USERS CONTEXT in / 
etc/sysconfig/novell/netstore1i file. 


/usr/sbin/rcnovell-xregd restart 


/usr/sbin/rcapache2 restart 
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10 Restart Server: Restart the target server for the changes to take effect. 


On successful completion of the Transfer ID migration, the target server functions with the 
source server's eDirectory identity. 


Backup eDirectory Database and NICI Keys 


Before performing Transfer ID, we recommend that you to back up your eDirectory database and 
NICI keys on both the source server and target server. If the Transfer ID fails or you quit the scenario, 
you cannot perform any actions on the source server without restoring the server’s DIB from the 


backup. 


For more information on backing up and restoring eDirectory, refer to the NetiQ eDirectory 8.8 SP8 
Administration Guide. 


For more information on backing up and restoring NICI keys, refer to the NetIQ eDirectory 8.8 SP8 
Administration Guide. 
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3 Running Transfer ID Remotely 


NOTE: It is recommended to perform Transfer ID from the target OES machine instead of performing 
it remotely. 


If you need to perform Transfer ID remotely, you need to complete the prerequisite procedures in 
Chapter 10, “Preparing for Transfer ID,” on page 63. When you perform Transfer ID remotely, after 
the IP address of the target server is changed with the IP address of the source server, the remote 
machine hangs. This happens because the IP address of the target server no longer exists. To 
perform Transfer ID remotely, perform any of the following methods: 

+ “Using Two Network Interface Cards” on page 87 

+ “Using VNC” on page 87 

+ “Using SSH” on page 88 


Using Two Network Interface Cards 


To perform Transfer ID remotely, you can connect to the secondary IP address of the target machine 
using SSH client or VNC client and follow Step 1 on page 72 to Step 10 on page 75. The connection 
will never be terminated because only the primary IP address of the target server changes during 
Transfer ID. 


Using VNC 


To perform Transfer ID by using the VNC client (TightVNC), perform the following steps: 
1 Connect to the remote VNC client(TightVNC) running on target server from your server or 
desktop by providing the IP address of the target server. 
2 On the command prompt enter, miggui to launch the application. 
3 Authenticate both source and target servers. 
4 Select the migration type as Transfer ID. 


You can either migrate all the services to an OES server, then transfer the NetWare or OES 
server's identity, or only transfer NetWare or OES server's identity to an OES server. 


5 Perform Step 1 on page 72 (eDirectory Precheck) to Step 6 on page 73 (IP Change) provided in 
the “Run Transfer ID” on page 72. 


After changing the IP address, the TightVNC console will hang. 
6 Close VNC client and then relaunch it. 
7 Connect to the VNC server by providing the new IP address from Step 5. 


8 To complete Transfer ID, perform Step 7 on page 74 (Hostname Change) to Step 10 on page 75 
(Restart Server) provided in the “Run Transfer ID” on page 72. 


Running Transfer ID Remotely 87 


88 


Using SSH 


You can migrate the services (Step 1 to Step 5) using either the Migration GUI or using CLI. From 
Step 6, you must proceed only with CLI because after IP change you cannot SSH to the target server. 


To perform Transfer ID by using the SSH console, perform the following steps: 
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Connect to target server using SSH. 

On the command prompt enter, miggui to launch the application. 
Authenticate both source and target servers. 

Select the migration type as Transfer ID. 


You can either migrate all the services to an OES server, then transfer the NetWare or OES 
server's identity, or only transfer NetWare or OES server's identity to an OES server. 


Save the project and close the Migration Tool GUI. 


6 Run the scripts mentioned in Step 1 on page 77 (eDirectory Precheck) to Step 5 on page 79 (DIB 


Restore) provided in the Chapter 12, “Using Migration Commands for Transfer ID,” on page 77. 


On the SSH terminal console, run the script mentioned in Step 6 on page 79 (IP Change) 
provided in the Chapter 12, “Using Migration Commands for Transfer ID,” on page 77. 


After running these scripts the remote machine hangs. 


8 Reconnect to the target server with the new IP address provided in Step 7. 


9 On the SSH terminal console, run the scripts mentioned in Step 7 on page 80 (Host Name 
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change) to Step 8 on page 81 (Reinitialize Server) provided in the Chapter 12, “Using Migration 
Commands for Transfer ID,” on page 77. 


To complete Transfer ID, run the scripts mentioned in Step 9 on page 81 (Repair) to Step 10 on 
page 85 (Restart Server). 
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1 A Post Transfer ID Migration 


+ “Joining Target Server to an Active Directory Domain” on page 89 
+ “Cleanup Objects” on page 89 
+ “DFS Junctions are Not Restored” on page 91 


Joining Target Server to an Active Directory Domain 


If the source server or the target server is not joined to AD, then on completion of Transfer ID, you 
must join the target server to an Active Directory domain either by using Yast or the command line 
options. 


+ For more information on performing the steps by using YaST, see Installing and Configuring NSS 
Active Directory Support in the OES 2015 SP1: Installation Guide. 


+ To use the command line, see Domain Join Tool to Join the OES 2015 Servers to an Active 
Directory Domain. 


Cleanup Objects 


On completion of Transfer ID, some of the objects in eDirectory retain the temporary Linux server 
hostname. You can either clean up the objects from the GUI or manually from the target server. Even 
if the objects are not cleaned, they do not impact the working of the target server. 

+ “AFP” on page 89 

+ “CIFS” on page 90 

¢ “eDirectory” on page 90 

+ “NSS” on page 90 

+ “iPrint” on page 90 

+ “DHCP, FTP, NTP and iFolder” on page 90 


AFP 


If you decide to delete the proxy username having the old hostname, you must recreate new proxy 
user using YaST. 


1 Using iManager delete the proxy user. The format of the proxy user is cn=afpProxyUser- 
<new_hostname>.<context_of_server> 


2 Using YaST, recreate the proxy user. 


yast2 novell-afp 
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CIFS 


If you decide to delete the proxy username having the old hostname, you must recreate new proxy 
user using YaST. 


1 Using iManager delete the proxy user. The format of the proxy user is cn=cifsProxyUser- 
<new_hostname>.<context_of_server> 


2 Using YaST, recreate the proxy user. 


yast2 novell-cifs 


eDirectory 


Delete the following objects that are present with temporary Linux hostname: 


+ SAS Service-<temporaryLinuxhostname> 

+ DNS AG <temporaryLinuxhostname> 

+ IP AG <temporary IP address-temporaryLinuxhostname> 
+ SSL CertificateDNS-<temporaryLinuxhostname> 

+ SSL CertificatelP-<temporaryLinuxhostname> 


NSS 


+ “Pools and Volumes” on page 90 


Pools and Volumes 


The pools and volumes created on the Linux server before performing Transfer ID are associated 
with the old hostname, perform the following post Transfer ID: 


1 Using iManager, delete the pool and volume object containing the temporary Linux hostname 
name. 


2 (Conditional) If the target server contains pools or volumes which are not available on the source 
server, recreate these objects using Update NDS option from NSSMU. 


¡Print 


1 To delete NDPSPrinter object, run /opt/novell/iprint/bin/iprintcleanup.p1 script. 
For information on how to run the script, see “Cleaning Up Stale Objects” on page 233. 


DHCP, FTP, NTP and ¡Folder 


These services require no additional steps after Transfer ID. 
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DFS Junctions are Not Restored 


If a volume on the source server is a DFS junction target, the junctions are not restored on the target 
server after Transfer ID migration. 
After performing Transfer ID, delete the ~DFSINFO.8-P file from the migrated volumes on the target 


server, then run VLDB repair to update the file from eDirectory. For more information about VLDB 
repair, see “Repairing the VLDB” in the OES 2015 SP1: Novell Distributed File Services 


Administration Guide for Linux. 
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D Troubleshooting Issues 


+ “Copying NICI Keys Fails When Performing Transfer ID” on page 93 
+ “LUM Repair Fails When Performing Transfer ID” on page 93 


+ “On Completing Transfer ID migration, ¡Manager or Novell Remote Manager is Not Accessible 
via a Web browser on the Target Server” on page 93 


+ “System Might Hang on Terminating the IP Address Change Step when Performing the Transfer 
ID Scenario” on page 94 


+ “System Might Hang on Terminating the Hostname Change Step when Performing the Transfer 
ID Scenario” on page 94 


+ “On Failure of Migration and Restoring eDirectory to the Source Server, LDAP Does Not Bind” 
on page 95 


+ “eDirectory Error 626 on Performing Transfer ID Migration” on page 95 


+ “Transfer ID fails when NetStorage is Configured on the Source Server” on page 96 


Copying NICI Keys Fails When Performing Transfer ID 


Description: If the source server is NetWare copying NICI files fails due to DSMETER. NLM. 


Action: To resolve this issue, you must comment the line, “LOAD DSMETER” in the autoexec . ncf 
file and restart the NetWare server before performing Transfer ID. 


LUM Repair Fails When Performing Transfer ID 


Description: The container admin performing Transfer ID is not part of the admingroup object or 
does not have supervisory permissions on all the users or groups in the admingroup object. 


Action: To resolve this issue, either Transfer ID should be performed using a treeadmin or if a 
container admin is used, ensure the admin has supervisory permissions on all the users or groups in 
the admingroup object. 


On Completing Transfer ID migration, iManager or 
Novell Remote Manager is Not Accessible via a Web 
browser on the Target Server 


Description: In the Transfer ID migration, certificates were not repaired properly in the Repair step. 
Action: 


1 Relaunch the project created for the Transfer ID migration, then authenticate to the target server. 


On successful authentication of the target server, the Transfer ID GUI is launched. The Finish 
and the Back buttons are highlighted. 


Troubleshooting Issues 93 


94 


2 Click Back to reach the Repair step, then run the Repair step again. 


3 Restart the target server for changes to be effective. 


System Might Hang on Terminating the IP Address 
Change Step when Performing the Transfer ID 
Scenario 


Description: Failure of the script to change the IP address or terminating the IP Change step 
manually might cause the system to hang. You must restart the target server and replace the service- 
specific configuration file with the backup file for the service. 


Action: To restore the original IP address of the target server, replace the <service>.conf 
configuration file with the <service>.orig backup file for the service. 


For example, if eDirectory authentication fails on completion of the IP Change step, use the following 
command: 


cp etc/opt/novell/eDirectory/conf/nds.conf.orig etc/opt/novell/eDirectory/conf/ 
nds.conf 


where nds.conf.orig is the backup service file on the target server and nds.conf is the 
configuration file created during execution of the IP Change step. 


System Might Hang on Terminating the Hostname 
Change Step when Performing the Transfer ID 
Scenario 


Description: Failure of the script to change the hostname or terminating the Hostname Change step 
manually might cause the system to hang. You must restart the target server and replace the service- 
specific configuration file with the backup file for the service. 


Action: To restore the original hostname of the target server, replace the <service>.conf 
configuration file with the <service>.orig backed up file of the service. 


For example, if iPrint authentication fails on completion of the Hostname Change step, use the 
following command: 


cp /etc/opt/novell/iprint/httpd/conf/iprint_ssl.orig /etc/opt/novell/iprint/httpd/ 
conf/iprint_ssl.conf 


where iprint_ssl.orig is the backup service file on the target server and iprint_ssl.conf is the 
configuration file created during execution of the Hostname Change step. 
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On Failure of Migration and Restoring eDirectory to 
the Source Server, LDAP Does Not Bind 


To bind LDAP you must modify the values of the LDAP configuration version of the LDAP server and 
LDAP group objects of the source server: 


If the LDAP server displays a message, “Config version 10 is greater than 8 in attribute” or any such 
similar message, you must change the Version attribute value of the LDAP group and server objects 
of the source server to 8. You can change the attribute values using iManager. Perform the following 
steps: 
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Access iManager, then log in to the eDirectory tree where the source server you want to manage 
resides. 


In Roles and Tasks, select Directory Administration > Modify Object. 

Browse and select the LDAP server object of the source server, then click OK. 

In General > Other tab, in Valued Attributes column, select IdapConfigVersion and click Edit. 
Change the LDAP Configuration Version value as defined in the error, then click OK. 


For example, if the LDAP server displays a message, “Config version 10 is greater that 8 in 
attribute” or any such similar message, you must change the LDAP Configuration Version 
attribute value of the LDAP server to 8. 


Click OK. 


7 Repeat Step 2 to Step 6 for LDAP group objects of the source server. 


Restart LDAP module on the source server: 
On NetWare: 

unload nldap.nim 

load nldap.nim 


On OES 
nldap -u 
nldap -1 


On performing the preceding steps the server returns to the status before it is removed from the 
eDirectory tree. 


eDirectory Error 626 on Performing Transfer ID 
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Check the status of SLP by entering 
rcslpd status 

If SLP is not running, start SLP by entering 
rcslpd start 


For information on using SLP, see “Using SLP with eDirectory” in the NetIQ eDirectory 8.8 SP8 
Installation Guide. 


(Conditional) If SLP is not used, create /etc/opt/novell/eDirectory/conf/hosts.nds file on 
the non-replica server that points to the master server and the container in which the user object 
is present. For more information, refer to the manpage hosts.nds. 
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Transfer ID fails when NetStorage is Configured on 
the Source Server 


During Transfer ID process, miggui tries to retrieve the proxy credentials for each of the services 
configured on the source server. If NetStorage is configured, its script returns the proxy user name in 
dot separated format instead of comma separated format. Due to this, miggui displays the following 
warning: "The source server is configured with both service proxy and common proxy. This is not a 
supported scenario and will cause failure of proxy user migration. Do you want to continue?" In this 
scenario, the OES services fail to launch after the transfer ID is complete. 


To resolve this issue, before starting the transfer ID process, update the source OES 2015 or later 
server, and reconfigure NetStorage using YaST > OES Install and Configuration, or by executing 
yast2 netstorage command. Complete the reconfiguration steps without altering any of the existing 
settings. 
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V Security Considerations 


+ Chapter 16, “Security Considerations for Data Migration,” on page 99 
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Security Considerations for Data 
Migration 


This section describes how the Micro Focus Open Enterprise Server (OES) file system Migration Tool 
can be used in a secure environment. It provides information to help you ensure that authentication 
credentials and other sensitive data are not compromised through the use of the Migration tool. 


For additional security implementation information, see “Security” in the OES 2015 SP1: Planning 
and Implementation Guide. 


+ 


+ 


+ 


+ 


+ 


“Root-Level Access Is Required” on page 99 
“Securing User Credentials” on page 99 

“Mounting Remote File Systems” on page 101 
“Transmitting Data Across the Network” on page 101 


“Managing Passwords for Migrated Users” on page 101 


Root-Level Access Is Required 


To use the OES migration tool, you must be logged in to the target OES 2015 SP1 server as root or 
a root-equivalent user. 


Securing User Credentials 


You can take precautions to ensure that authentication credentials (usernames and passwords) are 
securely stored and retrieved when using the migration tool. 


+ 


+ 


“How User Credentials Are Stored During a Migration” on page 99 


“How Credentials Are Passed from the Migration GUI Utilities to the Migration Commands” on 
page 100 


“Managing Credential Storage with migcred” on page 101 
“Securing Credentials When Piping Commands” on page 101 


How User Credentials Are Stored During a Migration 


By default, neither the migration GUI utilities (File System Migration Utility) nor the command line 
tools (m1s, migfiles, etc.) store the usernames and passwords entered by the user running the 
migration. 


+ 


+ 


“Migration Commands” on page 100 


“Migration GUI Utilities” on page 100 
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Migration Commands 


When using the migration commands, administrators can choose to use the Novell Common 
Authentication Service Adapter (CASA) to store credentials during a migration, so that they are not 
prompted repeatedly for usernames and passwords when authenticating to the source and target 
servers. This feature can be selected by adding the - -use-casa option in the migration commands. If 
this option is used, the username and password information is stored in the CASA secret store. 


NOTE: As an alternative to using the - - use-casa option in the migration commands, you can set the 
MIG_USE_CASA environment variable by using the following export command: 


export MIG_USE_CASA=1 


You can set this environment variable in the shell init scripts so that every shell has it set. 


Various migration commands provide the - -use-casa option, which tells the command to obtain the 
credentials from the CASA store and not prompt the user for them. If the - -use-casa option is used 
and the credentials are not found in the CASA store, the command prompts for them and then stores 
them in the CASA store. 


The migration commands use the CASA API library to securely store and retrieve credentials from 
the secret store. 


Migration GUI Utilities 


The migration GUI utilities do not use CASA, nor do they store user credentials in any file format. 
Rather, the utilities accept the user credentials entered for the source server and target server and, 
after validating them (via secure or non-secure LDAP authentication), the utilities store this 
information in a proprietary cache. These credentials are used by the applications to execute various 
migration-related operations. For example: 


+ Toretrieve NetWare source volumes, the File System Migration Utility issues an numap 
command. 

+ To carry out migrations, the GUI utilities execute the required migration commands (mls, 
migfiles, maprights, maptrustees, etc.). 


The migration utility cache is flushed when the applications are closed. 


In a saved migration project, only the IP addresses of the source and target servers, the volume 
names, and any other migration options, are stored in the .xm1 configuration file. When you open and 
rerun a saved project, you are prompted to reenter the credentials. 


How Credentials Are Passed from the Migration GUI Utilities 
to the Migration Commands 


The GUI utilities execute migration commands within their process context and pass the user 
credentials whenever required or prompted through their process APIs, which can be hidden from the 
user. The GUI applications neither set the credentials in environment variables nor use the CASA 
store, even though the migration commands provide the option. 


To pass credentials to the migration commands, the GUI utilities open a terminal connected to the 
standard input and feed in the password to the command line prompt. 
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Managing Credential Storage with migcred 


As mentioned previously, administrators can choose to store user credentials in CASA so that they 
are not prompted for usernames and passwords every time they perform a migration task. 


You can use the migcred command to control and manage what is stored in the CASA secret store. 

This command provides options to store, view, and delete information for a particular identity. With the 
necessary user credentials stored in CASA, usernames and passwords can be retrieved as needed 

by other migration commands. 


Securing Credentials When Piping Commands 


Administrators might also want to pipe the output of one migration command to another, so they 
cannot feed usernames and passwords to the commands through the console. Using the CASA 
secret store provides a way to protect this secure information when piping migration commands. 


The user must include the - -use-casa option when building the pipelines. For example: 


mls -s 192.168.131.135 -v V1 --use-casa | maptrustees -s 192.168.131.135 -r --use- 
casa 


Mounting Remote File Systems 


The migration tool must mount the remote file systems of the source servers in order to obtain 
information about the source volumes and to copy the specified data to the target server. 


For NetWare and OES migrations, the mls and migfiles uses nwmap command to map to the remote 
volumes and read data from the _admin volume to validate the source path. The mls and migfiles 
commands unmounts the file system upon termination. If a process is killed forcibly (kill -9), the 
mount point remains mounted and must be unmounted by the administrator. 


The mls command uses nbackup tool to build the list of trustees. 


Transmitting Data Across the Network 


The OES migration tool use Novell Storage Management Services (SMS) to copy data from OES 
servers. Data is not encrypted when it is transmitted across the network. 


Managing Passwords for Migrated Users 


When performing a tree-to-tree migration, you have the option to migrate users into the target 
server's eDirectory tree. If you are migrating users, you have two choices for passwords: 


+ Generate random passwords for the migrated users (by using the -r option of the migtrustees 
command).When using this option, you must always pass the --newusers-password-file option 
so that the randomly generated passwords and usernames are stored in the file. 


or 


+ Assign a specific password for all migrated users (by using the -s option of the migtrustees 
commana) 


Security Considerations for Data Migration 101 


If neither -r nor -s is used, users are created without a password and the user accounts are locked 
until they are manually assigned a password by the administrator, using iManager or other eDirectory 
management tools. Null passwords (-s "") are not allowed. 


The new passwords generated by -r option are stored in a new file. To avoid password theft, dispose 
of this file in a secure manner after you have communicated the new passwords to their respective 
users. 
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VI Data Migration 


+ Chapter 17, “Migrating File Systems to OES 2015 SP1,” on page 105 


Data Migration 103 


104 Data Migration 


Migrating File Systems to OES 2015 SP1 


This section provides information on how to migrate the file system from supported source servers to 
an OES 2015 SP1 server. 


+ 


+ 


+ 


+ 


+ 


+ 


+ 


“Preparing for File System Migration” on page 105 

“Migration Scenarios” on page 107 

“Moving Devices for Migrating the Data from NetWare to OES 2015 or Later” on page 111 
“Migrating File System Using GUI” on page 111 

“Synchronizing File System Using Migration GUI” on page 117 

“Migrating File System Using Command Line Utilities” on page 118 

“Troubleshooting” on page 143 


The following sections provide more details on the migration procedure for the file system. 


Preparing for File System Migration 


To prepare your network for file system migration, complete the tasks in the following sections: 


+ 


“Source Server Requirements” on page 105 


+ “Target Server Requirements” on page 106 


Source Server Requirements 


+ “NetWare Server” on page 105 


+ “OES Server” on page 105 


NetWare Server 


+ Shut down any applications, products, or services (virus scan software, backup software, etc.) 


running on the server to be migrated. 


Ensure that the latest version of Storage Management Services (SMS) is running on the source 
NetWare server. 


SMS updates can be downloaded from the Novell Downloads Web site (http:// 
download.novell.com/patch/finder/#familyld=122). 

When migrating data from a Traditional NetWare volume, ensure that the NPM files for NFS and 
the NFS name space is loaded on the Traditional NetWare Volumes. 


Although data on the source server is not deleted as part of the migration, we recommend that 
you back up your data. 


OES Server 


+ Shut down any applications, products, or services (virus scan software, backup software, etc.) 


running on the server to be migrated. 
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+ Ensure that the server is running supported OES versions with all the available patches in the 
channel. 


+ Ensure that Storage Management Services (SMS) and NetWare Core Protocol (NCP) is running 
on the server. 


+ Ensure that source volumes on OES servers are NSS volumes, NCP volumes, or POSIX 
volumes. 


NOTE: The Migration Tool GUI does not support POSIX file system migration. Create an NCP 
volume with the POSIX path that you want to migrate, then migrate the NCP volume. 


+ 


To migrate data from NCP volumes on OES server, ensure that you have done the following: 
¢ Install the Novell Client for Linux 
+ Restart SMS by running the following command: 
rcnovell-smdrd restart 


+ Ensure that the user performing migration has read/write/access rights to back up the files 
on the NCP volume. 


+ To perform migration, the user must have read/write/access permissions to the source server 


Target Server Requirements 


+ Ensure that the server is running OES 2015 SP1. 


+ Services to be migrated must be installed and configured on the target server. 
The following additional prerequisites must be met for NSS and NCP target volumes: 


+ “For NSS Target Volumes” on page 106 
+ “For NCP Target Volumes” on page 106 


For NSS Target Volumes 


O Using Migration GUI, if you have configured file system and for some reason the mount point of 
NSS volumes change, then you must reconfigure the paths for file system. 


O Create the NSS volumes to which you will migrate the data. Ensure that you allocate sufficient 
space for the volume to hold all of the source data. 


O Ensure that the target volumes have similar properties to the source volumes. For example, if 
compression is turned on for the source volume, turn on compression for the target volume as 
well. The same applies to user quotas and other NSS features. 


O Using CLI, if you want to use the CASA secret store to store usernames and passwords during 
migration (via the - -use-casa option), ensure that the following RPM is installed on the OES 
server: 


CASA-1.7.XXX. rpm 
Restart the CASA daemon by entering the following command: 


/etc/init.d/micasad restart 


For NCP Target Volumes 


O Create NCP volumes to which you will migrate the data. 
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O Ensure that the user performing the migration has read/write/access rights to the POSIX path 
that corresponds to the NCP volume. 


© Although data is successfully migrated to the clustered NCP target volumes, trustee migration is 
not supported. 


Migration Scenarios 


The procedures for migrating file system data from the NSS volumes or Traditional volumes on 
NetWare or from the NSS volumes on OES vary depending on whether the source server and target 
server are in the same eDirectory tree or in different eDirectory trees. This section covers the 
following scenarios: 

+ “Consolidating Data to a Server in the Same Tree” on page 107 

+ “Consolidating Data to a Server in a Different Tree” on page 107 

+ “Migrating Compressed Files” on page 108 

+ “Data Migration for Clustered Volumes” on page 108 

+ “Data Migration for DST Volumes” on page 109 

+ “Data and Trustee Migration in Active Directory Environment” on page 110 

+ “Transfer ID” on page 111 

+ “Migration Procedure” on page 111 


NOTE: For more information about migration scenarios, see Chapter 1, “Overview of the Migration 
Tools,” on page 15. 


Consolidating Data to a Server in the Same Tree 


The source file system volumes are migrated to the target file system volumes within the same 
eDirectory tree. 


The following are migrated from the source server to target server: 


+ Volumes, folders and files 


+ Trustee rights for files 


Consolidating Data to a Server in a Different Tree 


The source file system volumes are migrated to the target file system volumes in a different 
eDirectory tree. 


The following are migrated from the source server to target server: 


+ Volumes, folders and files 

+ Trustee rights for files 

+ Create users in the target's file system volumes. 

+ An option to set a default global password for the new users created on the target server. 
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Migrating Compressed Files 


In any of the following scenarios compressed files are seamlessly migrated from source server to 
target server: 


+ Source server volumes and target server volumes both are compression enabled. 


+ Source server volume is compression enabled and target volume is not enabled for 
compression. Migration gui uncompresses the migrated files on the target server volume. 


+ Source server volume is not enabled for compression and target volume is compression 
enabled. Migration gui compresses the migrated files on the target server volume. 


The compress and uncompress commands run as a backend process in the migration gui. 


Data Migration for Clustered Volumes 


You can perform data migration by upgrading only the cluster nodes or both the cluster nodes and 
storage: 


+ “Upgrading NetWare Cluster Nodes” on page 108 
+ “Upgrading NetWare Cluster and Shared Storage” on page 108 


Upgrading NetWare Cluster Nodes 


One or more NetWare nodes are replaced with OES 2015 or later nodes. Novell Cluster Services 
supports rolling server upgrade, using which one or more NetWare nodes can be replaced with OES 
2015 or later nodes. For performing upgrade, refer to the “Converting NetWare Cluster Nodes to OES 
(Rolling Cluster Conversion)” in the OES 2015 SP1: Novell Cluster Services NetWare to Linux 
Conversion Guide. 


Upgrading NetWare Cluster and Shared Storage 


All nodes and shared storage is replaced with new cluster with OES 2015 or later configured on a 
new shared storage. Migrating cluster NSS volumes from NetWare cluster to a new Linux cluster can 
be achieved using Migration Tool. 


The Migration Tool provides two options Is Cluster Resource and Follow Cluster Resource to 
perform cluster migration. 


If you select Follow Cluster Resource option, migration continues uninterruptedly during cluster 
resource migrations to different cluster nodes. This option is valid only on the source server clusters. 
On migrating data to cluster NSS volume on the target server, migration stops when the resource 
migrates to a different node. To continue migration you must make the resource active on the target 
server. 


If this option is not selected, migration stops when the resource migrates to a different node on source 
server. Once the resource comes up on the different node, re-start migration to continue the migration 
from where it failed. The Migration Tool supports only source NSS volumes for migration. 
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Data Migration for DST Volumes 


On performing migration for DST volumes, the data is migrated for only the primary volume and does 
not include the secondary volume. To perform migration for all the volumes, remove the shadow 
volume relationship of the DST server. 


When performing migration, consider the following: 


Source Server as DST 


+ The target server can be a DST or non-DST server. 
+ Stop the DST policies before performing the migration. 


For more information on stopping the policies, see “Stopping a Running Policy” in the OES 2015 
SP1: Dynamic Storage Technology Administration Guide. 


+ 


Only the data that is stored on the primary volume of the source server is migrated to the target 
server. 


+ 


To migrate the data from all the volumes of the source server, remove the shadow volume 
relationship on the source server. 


For more information on removing the shadow volume relationship, see“Removing the Shadow 
Relationship for a Clustered DST Volume Pair” or “Removing the Shadow Relationship for a 
Non-Clustered DST Shadow Volume” in the OES 2015 SP1: Dynamic Storage Technology 
Administration Guide. 


+ 


Configure the file system GUI to perform migration. For more information, go to “Migrating File 
System Using GUI” on page 111. 


Target server as DST 


+ The source server can be a DST or non-DST server 


+ 


Stop the DST policies before performing migration. 


For more information on stopping the policies, see “Stopping a Running Policy” in the OES 2015 
SP1: Dynamic Storage Technology Administration Guide. 


+ The data is migrated from the source server to only the primary volume of the target server. 


+ 


To migrate the data from the source server to all the volumes on the target server, remove the 
shadow volume relationship on the target server. 


For more information on removing the shadow volume relationship, see “Removing the Shadow 
Relationship for a Clustered DST Volume Pair” or “Removing the Shadow Relationship for a 
Non-Clustered DST Shadow Volume” in the OES 2015 SP1: Dynamic Storage Technology 
Administration Guide. 


+ 


Configure the file system GUI to perform migration. For more information go to “Migrating File 
System Using GUI” on page 111. 


Example 17-1 For Example: 


Consider a scenario, where you are migrating data from a source non-DST server to a target DST 
server. The source server has volumes Vol1, Vol2, Vol3 of 3 GB/TB each. The target server contains 
the primary volume Vo/4 with 1 GB/TB space and secondary volume Vol5 with 10 GB/TB space. In 
this scenario you can migrate the data by using any of the following: 

¢ “Migrating without the Shadow Volume Relationship:” on page 110 


¢ “Migrating with the Shadow Volume Relationship:” on page 110 
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Migrating without the Shadow Volume Relationship: When the shadow volume relationship is 
removed from the target server, it acts as a non-DST server and the migration can be performed 
normally. 


Perform the following to migrate the data: 


1 Remove the shadow volume relationship. For more information, see “Removing the Shadow 
Relationship for a Clustered DST Volume Pair” or “Removing the Shadow Relationship for a 
Non-Clustered DST Shadow Volume” in the OES 2015 SP1: Dynamic Storage Technology 
Administration Guide. 


2 Configure the file system GUI to perform migration. For more information go to “Migrating File 
System Using GUI” on page 111. 


Migrating with the Shadow Volume Relationship: Considering the Example 17-1, only 1 GB/TB 
(depending on Vol4 size) of data from the source server can be migrated to the primary volume Vol4 
of the target server. If you need the data on all the volumes of source server to be migrated to the 
target server, perform the following: 

1 Stop the existing DST policies temporarily before performing migration. 


2 Create a project to migrate the data less than or equal to 1 GB/TB (depending on Vo/4 size) from 
the source server to the target server. 


3 Perform the migration. 


4 (Conditional) If some files or folders were open on the source server and did not get migrated to 
the target server, perform synchronization. 


Synchronization must be performed before performing the next step. 


5 Configure a DST policy on the target server to move the migrated data from the primary volume 
to the secondary volume. 


As a result, there is space available on the primary volume of the target server to migrate 
additional data from the source server. 


6 Stop the DST policy after the required data is moved from the primary volume Vo/4 to the 
secondary volume Vol5. 


7 (Conditional) If the data size on the source server is greater than the space available on the 
primary volume of the target server, repeat Step 2 to Step 6 until the entire data is migrated. 


OR 


Enable the DST settings to increase the size on the primary volume of the target server to match with 
the data size on the source server, then perform Step 2 to Step 6 to migrate the data. 


Data and Trustee Migration in Active Directory Environment 


When performing data or trustee migration in Active Directory environment, you must ensure that on 
the source server and target server the pool containing NSS volumes is media-upgraded, the NSS 
volumes are AD-enabled, and trustee rights are assigned on the specific folders or files. 
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Table 17-1 Support Matrix in Active Directory Environment 


Source Volume Target Volume Data Migration Trustee Rights 
eDirectory Active Directory 
AD-enabled AD-enabled Success Success Success 
AD-enabled Non AD-enabled Success Success Not supported 
Non AD-enabled AD-enabled Success Success Not applicable 
Non AD-enabled Non AD-enabled Success Success Not applicable 


Transfer ID 


In the Transfer ID scenario a series of tasks are executed for transferring the server identity of the 
source server to the target server. In the Migration Tool GUI, the file system is configured, then 
migrated. On successful migration of all of the services, click Transfer ID. For more information, see 
Part IV, “Transfer ID Migration,” on page 61. 


Migration Procedure 


Use either of the following methods to perform a file system migration: 


+ “Migrating File System Using GUI” on page 111 
¢ “Migrating File System Using Command Line Utilities” on page 118 


Moving Devices for Migrating the Data from NetWare 
to OES 2015 or Later 


You can move devices containing NSS volumes from NetWare to OES server by decommissioning 
the volumes on the device in the eDirectory, then recommissioning the volumes on the nev server. 
For more information, see the “Moving Non-Clustered Devices From NetWare 6.5 SP8 Servers to 
OES 2015 SP1” in the OES 2015 SP1: NSS File System Administration Guide for Linux. 


For shared NSS pools and volumes, Novell Cluster Services provides this service automatically 
during a rolling cluster conversion from NetWare to OES. For information about converting shared 
pool cluster resources and service resources, see the OFS 2015 SP1: Novell Cluster Services 
NetWare to Linux Conversion Guide. 


Migrating File System Using GUI 


After you have completed the prerequisites procedures in “Preparing for File System Migration” on 
page 105, you are ready to migrate the source server. 
1 Launch the Migration Tool from the target server, using either of the following methods: 


Desktop: Click Computer> More Applications> System > Novell Migration Tools to launch the 
Migration GUI. 


Terminal Prompt: Log in as the root user and at a terminal prompt, enter miggui 
2 Enter authentication credentials for the source server. 
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(Optional) Is Cluster Resource: This option supports only Migrate scenario and does not 
support Transfer ID. If you want to migrate data in a cluster environment, you can perform either 
of the following: 


+ Migrating Cluster Volumes: In the Source Server Authentication screen, specify the 
cluster resource IP and select the Is Cluster Resource option. On configuring file system 
the Volume Information tab displays all cluster volumes from the cluster resource as part of 
the source volume. 


+ Migrating Non Cluster Volumes from a Cluster Node: In the Source Server 
Authentication screen, specify the cluster node IP and do not select the Is Cluster 
Resource option. On configuring file system the Volume Information tab displays all non 
cluster volumes present on the source server. 


3 Enter your authentication credentials for the target server 


4 Depending on the type of migration to perform, select the migration type as Migrate or Transfer 
ID. 


5 In the Services panel, click Add and select File System. 


The Status of the file system service is Not Configured. 


IMPORTANT: File system is listed in the Service panel list only if it installed and configured on 
the target server. 


6 To configure migration parameters for the file system, select File System, then click Configure. 


Tabs Purpose 


Volume Information Identify the volumes or folders that you want to move from the selected source 
server to a selected target server. By default, all of the data in the volumes or 
folders that you select for migration in the source server tree is migrated to the 
target server. 


File Options Customize the files and quotas that are migrating to the target server. You can also 
specify the home directory location and set options to synchronize the file system. 


Trustee Options You can migrate the trustee rights of the users and groups from the source server 
to target server. You can also specify the global password for the new users 
created on the target server. 


This tab is enabled only in a Different Tree scenario. 


Match User Options You can specify which users to migrate and how to handle the migration if the user 
already exists on the target server. 


This tab is enabled when you select the Custom User mapping option in the 
Trustee Options page. 


7 Inthe Volume Information tab, in the Source Server tree, select volumes or folders that you want 
to migrate, then drag and drop it in the Target Server tree. The names of the source cluster 
volumes can only include “_” as a special character to be listed in the Source Server tree. 

IMPORTANT: You cannot migrate a DFS junction. A DFS junction is displayed under the source 

tree as a folder because this junction appears in the file structure as a directory. Under Volume 

Information, the DFS junction can be dragged to the target server tree, but actually, the junction 

and the data are not migrated to the target server and migration fails. 
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On migrating a directory to an existing file system (NSS, NCP volume, or Linux POSIX volume), 
there are access rights set on the target location that can be inherited by the folder and its 
contents after migration (either the trustees and trustee rights in the case of NSS and NCP, or 
the ACLs (access control lists) for Linux POSIX). You must modify the settings as needed to 
ensure that the files are available only to authorized users before you allow users to access the 
data in the new location. 


In the Source Server tree, you cannot expand volumes or folders that are copied to the Target 
Server tree. 


For explanation on different tasks that can be performed in the Volume Information tab, refer to 
the table below, else proceed with default settings to Step 8. 


Task Description 


Target Location After you have selected volumes and folders for migration, you might want 
to identify the path of the folder or volume moved to the target server. 


In the Source Server tree, right-click the volume or folder that is selected 
for migration, then click Target Location from the drop-down menu. The 
tree in the Target Server view expands to display the volume or folder that 
was copied from the source server. 


Source Location After you have selected volumes and folders for migration, you might want 
to identify the path of the folder or volume moved from the source Server. 


In the Target Server tree, right-click the volume or folder that is highlighted 
for migration, then click Source Location from the drop-down menu. The 
tree in the Source Server view expands to display the volume or folder that 
was copied to the Target Server. 


Target Server 


o- E) fest 


Expand 
| Source Location 


Volumes or Folders selected The volumes or folders that are selected for migration are highlighted in 


for migration blue in the Source Server tree and the Target Server tree. 

Removing Volumes or In the target server tree, right-click the volume or folder that you have 
Folders from the Target decided not to migrate, then select Undo. The folder no longer appears 
Server under the target server tree and is no longer a candidate for migration. 
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Task Description 


Follow Cluster Resource Select this option to perform uninterrupted migration when cluster 
resources migrate to different cluster nodes. This option is valid only on the 
source server clusters. 


For example, when a failure occurs on one node of the cluster, the 
resources are relocated to another node in the cluster. The migration tool 
connects to the cluster instead of individual server and performs 
uninterrupted migration during this failure. 


If this option is not selected, migration stops when the resource migrates to 
a different node. When the resource comes up on a different node, run the 
migration project again, the migration tool ensures that the migration 
process resumes from the state where it had stopped. 


On migrating data to cluster volume on the target server, migration stops 
when the resource migrates to a different node. To continue migration you 
must make the resource active on the target server. 


8 Click the File Options tab, then click OK to accept the defaults. 
or 


Use the options to customize the files and quotas to migrate to the target server, then click OK to 
save the settings. 


For explanation of the different tasks that can be performed in the File Options page, refer to the 


Table below. 

Task Description 

Duplicate File Determines what action to take when a file copied from the source server has the 

Resolution same filename as an existing file on the target server. Specify one of the following 
resolutions: 

+ Always Copy Source File (default): The migrated file always overwrites the 
existing file. 

+ Never Overwrite Existing File: The file from the source server is not migrated, 
if a file of the same name exists on the target server. 

+ Copy if Newer: The migrated file overwrites the existing file on the target 
server, only if its last modified date is newer than the existing file’s date. This 
option is applicable only for data migration. 

Quotas This option is applicable only for data migration. 


NOTE: If you are migrating to a different file system (NSS to NCP volumes or from 
NSS to Linux POSIX volumes) on the target server, user quotas and directory quotas 
are not valid. 


+ Exclude User Quotas on Source: The user quotas from the source server are 
not copied to the target server. 


+ Exclude Directory Quotas on Source: The directory quotas from the source 
server are not copied to the target server. 


+ Disable Quota Checks on Target: The user and directory quotas set on the 
target server are ignored by the migration tool on performing data copy. 
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Task Description 


File Filters Determines which files to include for migration. If no filters are set, all files are 
migrated. You can specify the files that you want to migrate by specifying the date 
range or you can exclude the files from migrating by specifying the filenames or file 
extensions. 


+ Last Accessed/ Last Modified: The date range to include files for migration. 


+ Exclude File(s): The filenames or file extensions to exclude from migration. 
Wildcards (*) are permitted. For example: *.mp3, *.mov, *. tmp, 
samplefile.txt, “my sample file. txt.” 


Specifying * . mp3 excludes all files with an extension of .mp3 from being 
migrated. Specifying samplefile.txt excludes all samplefile.txt from being 
migrated. 


Home Directory Specify the target server path for the users whose home directory you are migrating 
Options from the source server. 


For example, If the users’s home directory path on the source server is /media/ 
nss/VOL1/users and the target path where the users will be migrated is /media/ 
nss/VOL2/users, then specify the path in the Home Directory Options as /media/ 
nss/VOL2/users. On successful migration, the home directory of the users is 
updated with the new target server path. 


NOTE: If you are performing migration across multiple volumes, you cannot specify 
multiple home directory paths. 


Sync Options The Sync option performs synchronization of the target server with the source server. 
After completion of file system migration, if the source server is updated with new 
information, you can use the Sync option for synchronizing the servers. The Sync 
option is available in the main Migration GUI window. 


Delete Files Not On Source: During synchronization of the servers, additional files 
or folders on the target servers are deleted that are not available on the source 
server. 


Delete Trustees Not On Source: This option is enabled only for same tree 
migration. Set this option to update trustee information on target server when trustees 
are deleted on the source volume on completion of migration or synchronization. 
Trustee information that is not on the source server is deleted from the target server. 


Copy Trustees Only At The Directory Level: Synchronizes trustees only at the 
directory level. Trustees for files are not synchronized. 


Do Not Copy Trustees: The user rights on the source server folders are not synced 
to the target server. 


Login Options This option indicates whether you want users to be logged in during the data 
migration. 


Disable Login On Source: If you disable user login, the users cannot log in to the 
network and modify the open files during the file copy. Users already logged in to the 
source server are not logged out, but no new logins are allowed until the migration 
completes. 


Click the Trustee Options tab, then click OK to accept the defaults and migrate the trustee rights 
of users and groups on the source server to target server. 


or 


Use the options to customize the files trustee options to migrate to the target server, then click 
OK to save the settings. 
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For explanation on different tasks that can be performed in the Trustee Options tab, refer to the 
table below. 


NOTE: In the Same Tree scenario, the Trustee Options tab is disabled. 


Task Description 
Trustee Specify an option to migrate trustee rights of users and groups from the source server to 
Migration the target server. 


+ Do Not Migrate Trustees (default): The user rights to the access folder on the 
source server are not migrated to the target server. 


+ Flatten Trustees: The users on the source server are migrated to a selected 
context on the target server, irrespective of whether the users are in a different 
context on the source server. 


¢ Target Context to flatten the users: Select the context on the target server 
to migrate all the users. 


+ Custom User Mapping: Users on the source volume are mapped with the users 
on the target server. When you select this option, the Match User Options tab is 
enabled, which enables you to select the users from the source server or the 
target server, and then assign migration options. 


+ Search Context to map users: Select the context on the target server to 
match the users. 


Existing User A username on the source server has a corresponding username on the target server. 
Options You can overwrite the trustee details of the user on the target server, or ignore the user. 


+ Ignore All: Do not create users on the target server. 


+ Overwrite All: Overwrite the users on the target server. 


New User Specify the global password for the new users created on the target server. 

Options 
eDirectory Password: Specify the password for the users to use, when they log in for 
the first time on the target server. 


IMPORTANT: If password restrictions are set for users on the source tree, you must 
specify a default password, else migrating users in a different tree scenario might fail. 


10 (Conditional) If the Match User Options tab is enabled, click it, then continue with Step 10a to 
specify which users to migrate and how to handle the migration if the user already exists on the 
target server. 


or 


If the Match User Options tab is not enabled, click OK to save your file system migration setup 
and return to the main Migration Tool window then continue with Step 12. 


10a To view the list of users on the source server and target server, click Map Users, then select 
how to handle the users. 


NOTE: In a migration project, if you select multiple volumes for migration that are 
associated with same users, then on mapping users the source displays duplicate user list. 


+ Existing or Mapped Users: A username on the source server has a corresponding 
username on the target server. If the users are mapped, only the trustee details are 
migrated. 


+ New Users: Users do not exist on the target server. Create new users on the target 
server, or ignore the users. 
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10b This is a global setting for all the users. Specify one of the following options to migrate users 
or ignore users. 


+ Ignore All: Do not migrate the new users. Only existing users are migrated to the 
target server. 


+ Create All: Create all users on the target server. 


10c (Optional) To specify settings for individuals and groups that override the global handling of 
user migration, click the username, then assign one of the migration options from the drop- 
down menu: 


+ Create: Create users on the target server and assign the trustee rights. 


The users are created on the target server that is using the same FDN as the source 
server. The search context is used only to match the source server users to target 
server users in that context. 


+ Ignore: Ignore the user and do not assign the trustee rights of the source user. 


+ Browse: Assign an equivalent user by browsing the same context or a different 
context on the target server and assigning trustee rights. 


11 After you have finished configuring the parameters in each tab, click OK to save your file system 
migration setup and return to the main Migration window. 


12 Click Migrate on the main migration window to begin the migration. 


The log files for the file system are located at /var/opt/novell/migration/<project name>/log. 
Following log files are created during file system migration: 


filesystem.log: This stores the information about the command sequence and errors encountered 
during migration. 


filesystem.success.log: This stores the list of all successfully migrated files. 


filesystem.delete.log: This stores list of files deleted from the target server which are not available 
on the source server when performing sync. This log file is updated with list of deleted files, if you 
have selected the option Delete Files Not On Source in the File Options tab. 


Synchronizing File System Using Migration GUI 


On performing synchronization, the service details (data, trustee etc) on the target server is compared 
with the source server and the updated information is migrated to the target server. You can perform 
synchronization in the following two scenarios: 

+ “Same Tree” on page 117 


+ “Different Tree” on page 118 


Same Tree 


On successful migration, you are ready to perform synchronization for any new or modified files or 
trustee rights. 
1 Launch the Migration Tool on the target server. 
2 Open the migration project that you need to perform synchronization. 
The status of the file system is “Migrated on <Date and Time of successful migration>”. 


3 Authenticate the source server and target server. 
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4 (Conditional) You can modify only few options for file system. In the Services to Migrate panel, 
select File System, then click Configure. In the File system GUI, File Options tab only the 
Duplicate File Resolution, Login Options, and Sync Options are enabled and can be modified. 


5 Inthe main Migration Tool GUI, click Sync. 


All the new or modified files or trustee rights on the source server are migrated to the target 
server. 


Different Tree 


On successful migration, you are ready to perform synchronization for any new or modified files or 
trustee rights. 
1 Launch the Migration Tool from the target server. 
2 Open the migration project that you need to perform synchronization. 
The status of the file system is “Migrated on <Date and Time of successful migration”. 
3 Authenticate the source server and target server. 


In the File system GUI, File Options tab only the Duplicate File Resolution, Login Options, and 
Sync Options are enabled and can be modified. 


3a (Conditional) In the Trustees Options tab, if you have selected the Custom User Mapping 
option, you must remap the users on the source volume with the users on the target volume 
in the Match User Options tab. 


4 In the main Migration Tool GUI, click Sync. 


All the new or modified files or trustee rights on the source server are migrated to the target 
server. 


Migrating File System Using Command Line Utilities 


This section provides information on how to use the command line to migrate a file system running on 
supported source servers to target server. 


NOTE: All the migration commands must be run on the target server. 


This section covers the following scenarios: 


+ “Migrating Data to a Server in the Same Tree” on page 119 
¢ “Migrating Data to a Server in a Different Tree” on page 120 
¢ “Migrating Data to a POSIX File System” on page 125 

¢ “File System Migration Commands” on page 127 

¢ “Additional Migration Options” on page 141 
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Migrating Data to a Server in the Same Tree 


This section describes how to migrate file system data from source server to target server in the same 
eDirectory tree. 

¢ “Migrating the Data” on page 119 

+ “Examples” on page 119 


¢ “Limitations” on page 120 


Migrating the Data 


migfiles is command to migrate files and directories. If you need to modify the home directories of 
the migrated users, you also need to use mls, maptrustees, and migtrustees. 


1 (Conditional) If you need to modify the home directories of the migrated users, run the following 
command: 


mls 
2 Run the migfiles command to copy the data from the source server to the target server. 


3 (Conditional) If you need to modify the home directories of the migrated users, run the following 
commands in the order specified: 


maptrustees 


migtrustees 


Examples 


The following examples illustrate ways to use the various options available for the migration 
commands. 


+ “Volume-to-Volume Migration” on page 119 
¢ “Directory-to-Directory Migration” on page 119 
+ “Volume-to-Directory Migration (NSS Volume to NCP Directory)” on page 120 


+ “Remapping Home Directories” on page 120 


Volume-to-Volume Migration 


This command migrates all data from the Traditional or NSS volume SRCVOL1 on the source server 
with the IP address 192.168.1.3 to the target server’s TGTVOL1 volume with verbose output: 


migfiles -s 192.168.1.3 -V SRCVOL1 -v TGTVOL1 -i 


Directory-to-Directory Migration 


This command migrates data from the Traditional or NSS path DATA: impstuff on the source server 
with the IP address 192.168.1.3 to the stuff directory on the NSS volume NSS1 with verbose output: 


migfiles -s 192.168.1.3 -V DATA:impstuff -x /media/nss/NSS1/stuff -i 
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Volume-to-Directory Migration (NSS Volume to NCP Directory) 


This command migrates data from the Traditional or NSS volume named DATA on the source server 
with the IP address 192.168.1.3 to the newdir directory on the NCP volume NCP1 located at path / 
data/ncp1 without verbose output: 


migfiles -s 192.168.1.3 -V DATA -x /data/ncp1/newdir 


Remapping Home Directories 


These commands migrate the VOL1 volume on source server 192.168.1.3 to the VOL1 volume on 
target server 192.168.1.4. The -H option in the maptrustees command is used to remap the home 
directories of the users to the target server. 
1 Create a list of files and associated rights on the source volume: 
mls -s 192.168.1.3 -V VOL1 > mls.yaml 
2 Copy the data from the source volume to the target volume: 
migfiles -s 192.168.1.3 -V VOL -x /media/nss/VOL1 -i 
3 Map the trustees and home directories from the source server to the target server: 


maptrustees -s 192.168.1.3 -H /media/nss/VOL1/users/--map-homedir -only 
mls.yaml> maptrustees.yaml 


The -H option is a path to the base directory that includes all the home directories. 
4 Migrate the information generated in the previous step: 


migtrustees -d 192.168.1.4 -m maptrustees.yaml 


Limitations 


If you have user space restrictions set on a source NSS volume, the restrictions are migrated to target 
NSS volumes if you do a full volume migration. 


Migrating Data to a Server in a Different Tree 


When the source server and target servers are in different eDirectory trees, your file system user and 
group trustees must be migrated from the source tree to the target tree, along with their associated 
data. The maptrustees and migtrustees commands are used to migrate users and groups 
assigned as trustees in the source tree to the target tree. Alternatively, you can use Novell Identity 
Manager to migrate the eDirectory users and groups, and then use the migmatchup command to 
match the user from the source server to the target server. Use the maprights and migrights 
commands only if the user and the group structure has changed during the migration. 


¢ “Migrating the Data” on page 121 
+ “Examples” on page 121 


+ “Limitations” on page 124 
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Migrating the Data 


The main command to use is migfiles. To map the trustees (users and groups) from the source tree 
to the target tree, you need to use mls, maptrustees, and migtrustees. If you are reorganizing the 
trustees (migrating to a different context), you also need to use mls, maprights, and migrights to 
map the trustee rights. 


To migrate the data from a source NetWare server or OES server in one eDirectory tree to the target 
Linux server in another tree: 


1 You can either migrate the source server trustees to the target server or map the source server 
trustees with the target server. 
+ To migrate the trustees, run the following commands in the order shown: 


mls 
maptrustees 
migtrustees 


+ To map the trustees, run the following commands in the order shown: 
mls 
migmatchup 
2 Run the migfiles command to copy the data from the source to the target server. 


3 (Conditional) If you are migrating users and groups to a different context or matching the user 
with different name, run the following commands in the order shown: 


maprights 
migrights 


Examples 


+ “Tree-to-Tree Migration Using the Migration Tool to Migrate Trustees” on page 121 


+ “Tree-to-Tree Migration Using the Migration Tool to Migrate Trustees and Flatten the Trustee 
Structure” on page 122 


+ “Tree-to-Tree Migration with Trustees Already Migrated to the New Tree and Reorganized in the 
New Tree.” on page 123 


Tree-to-Tree Migration Using the Migration Tool to Migrate Trustees 


The following example shows how to migrate data from a source NetWare server in one tree to a 
target server in another tree. In this example, the target volumes are NSS volumes, and the users are 
to be migrated to the same context in the target tree. 


1 Create a list of files and trustees on volume V1 on the source server with IP address 
192.168.1.3: 
mls -s 192.168.1.3 -V V1 > mls.yaml 

2 Map the trustees on the source server and output the list to a file: 


maptrustees -s 192.168.1.3 -H /media/nss/VOL1/users/ mls.yaml > 
maptrustees.yaml 


The -H option replaces the home directory of the source server user with the new home directory 
specified by -H option. The -H option is a path to the base directory that includes all the home 
directories. If the users don't have home directories, this option doesn't need to be used. 


3 Migrate the trustees to the target server: 


migtrustees -d 192.168.1.67 --specific-password novell maptrustees.yaml 
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If you want to assign each user a random password, use --random-password option, it stores 
the passwords in a file. To avoid password theft, dispose of the password file in a secure manner 
after you have communicated the new passwords to their respective users. 


(Conditional) When migrating to an NCP Linux volume, if you want to preserve file ownership in 
the target tree, you should LUM-enable the migrated users before continuing. For information 
about LUM-enabling users, see “LUM Implementation Suggestions” in the OES 2015 SP1: 
Planning and Implementation Guide. 


Migrate the data from source volume V1 to target NSS volume VOL1: 
migfiles -s 192.168.1.3 -V V1 -x /media/nss/VOL1/ -i 


After the users have been migrated (this only needs to be done once), additional data volumes 
can be migrated. Repeat Step 1 to Step 5 to migrate other volumes on the source server. 


Tree-to-Tree Migration Using the Migration Tool to Migrate Trustees and Flatten 
the Trustee Structure 


The maptrustees command includes a -k option that allows you to migrate users to a different 
context in the target tree. When you do this, the container hierarchy is flattened. 


For example, suppose your source eDirectory tree looks like the one shown in Figure 17-1. 


Figure 17-1 Source eDirectory Tree Structure 


o=novell 


ou=blr 
L ou=eng 
- eng-user1 
eng-user2 
user1 
user2 


When the users are migrated to ou=test.o=novell, the resulting tree structure is shown in Figure 17-2. 


Figure 17-2 Target eDirectory Tree Structure 
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user2 
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The following example shows how to migrate data from a source server in one tree to a target server 
in another tree. In this example, the target volumes are NCP Linux volumes and the new user context 
is ou=new-context .o=company. 


1 


Create a list of files and trustees on volume SRCVOL on the source server with IP address 
192.168.1.3: 


mls -s 192.168.1.3 -V SRCVOL > mls.yaml 
Map the trustees on the source server and output the list to a file: 


maptrustees -s 192.168.1.3 -H /usr/novell/NCP1/homes/ -k 'ou=new- 
context, o=company’ mls.yaml > maptrustees.yaml 


The -H option replaces the home directory of the source server user with the new home directory 
specified by -H option. The -H option is a path to the base directory that includes all the home 
directories. If the users don’t have home directories, this option doesn’t need to be used. 


Migrate the trustees to the target server: 
migtrustees -d 192.168.1.67 --specific-password novell maptrustees.yaml 


If you want to assign each user a random password, use --random-password option, it stores 
the passwords in a file. To avoid password theft, dispose of the password file in a secure manner 
after you have communicated the new passwords to their respective users. 


(Conditional) When migrating to an NCP Linux volume, if you want to preserve file ownership in 
the target tree, you should LUM-enable the migrated users before continuing. For more 
information on LUM-enabling users, see “LUM Implementation Suggestions” in the OES 2015 
SP1: Planning and Implementation Guide. 


Migrate the data from source volume SRCVOL to target NCP Linux volume NCP1: 
migfiles -s 192.168.1.3 -V SRCVOL -x /usr/novell/NCP1/ -i --no-trustees 


After the users have been migrated (this only needs to be done once), various data volumes can 
be migrated. Repeat Step 1 to Step 5 to migrate other volumes on the source server. 


Map the trustee rights on the source server: 


maprights -V SRCVOL -k ou=new-context,o=company -x /usr/novell/NCP1/ mls.yaml > 
maprights.yaml 


Migrate the trustee rights to the target server: 
migrights -i maprights.yaml 


Repeat Step 1, Step 6, and Step 7 to migrate trustee rights for each source volume being 
migrated. 


Tree-to-Tree Migration with Trustees Already Migrated to the New Tree and 
Reorganized in the New Tree. 


The following example shows how to migrate data from a source NetWare server in one tree to a 
target server in another tree. In this example, the target volume is an NSS volume, and the users 
have already been migrated by using tools like Novell Identity Manager so that they now reside in 
different contexts in the target tree. In this example, the migration tool is used only to migrate the data 
and map the trustees correctly. 


1 


2 


Create a list of files and trustees on volume V1 on the source server with IP address 
192.168.1.3: 


mls -s 192.168.1.3 -V V1 > mls.yaml 


Match the users on the source server to the users on the target server: 
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migmatchup -s 192.168.1.3 -d 192.168.1.67 -k 'ou=re-org,o=company' mls.yaml > 
migmatchup.yaml 


migmatchup searches for the trustees in their source context. If it doesn't find a matching trustee, 
it searches the container specified with the -k option recursively and matches the first trustee 
with the same name. If the trustee with the same name is not found, it is not matched. 


If the trustee name is changed, then the output of migmatchup can be edited so that each source 
trustee is mapped to the corresponding user on the target tree. 


(Conditional) When you are migrating to a NCP Linux volume, if you want to preserve file 
ownership in the target tree, you should LUM-enable the migrated users before continuing. For 
more information on LUM-enabling users, see “LUM Implementation Suggestions” in the OES 
2015 SP1: Planning and Implementation Guide. 


Migrate the data from source volume SRCVOL to target NSS volume TGTVOL: 
migfiles -s 192.168.1.3 -V SRCVOL -x /media/nss/TGTVOL/ -i --no-trustees 


After the users have been migrated (this only needs to be done once), various data volumes can 
be migrated. Repeat Step 1 to Step 4 migrate other volumes on the source server. 


Map the trustee rights on the source server: 


maprights -V SRCVOL --matchup-file migmatchup.yaml -x /media/nss/TGTVOL/ 
mls.yaml > maprights.yaml 


Migrate the trustee rights to the target server: 
migrights -i maprights.yaml 


Repeat Step 5 and Step 6 to migrate trustee rights for each source volume being migrated. 


Limitations 


Following are the limitations when performing tree-to-tree migrations: 


¢ If users have home directories on a volume that is migrated, the Home Directory attribute is 


changed only for users who are assigned as trustees or belong to the groups that are assigned 
as trustees. 


+ Ifthe maptrustees and migtrustees commands are used to migrate the users then the 


following User Object attributes are migrated: 
+ Common Name (CN) 
+ Country 
+ Description (description) 
+ E-mail Address (mail) 
+ Fax Number (facsimileTelephoneNumber) 
+ Full Name (fullName) 
+ Generational Qualifier (generationQualifier) 
+ Given Name (givenName) 
¢ Initials (initials) 
+ Language (Language) 
+ Locality Name (I) 
+ Lockout After Detection (lockedByIntruder) 
+ Login Allowed Time (loginAllowedTimeMap) 
+ Login Disabled (loginDisabled) 
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+ 


+ When LUM-enabled users are migrated to a new tree, they are no longer LUM-enabled. 


Login Expiration Time (loginExpirationTime) 

Login Grace Limit (loginGraceLimit) 

Login Grace Remaining (loginGraceRemaining) 

Login Intruder Limit (loginIntruderAttempts) 

Login Maximum Simultaneous (loginMaximumSimultaneous) 
Login Script (loginScript) 

Network Address Restriction (networkAddressRestriction) 
Organizational Name (0) 

Organizational Unit Name (ou) 

Password Allow Change (passwordAllowChange) 
Password Expiration Interval (passwordExpirationInterval) 
Password Expiration Time (passwordExpirationTime) 
Password Minimum Length (passwordMinimumLength) 
Password Required (passwordRequired) 

Password Unique Required (passwordUniqueRequired) 
Physical Delivery Office Name (physicalDeliveryOfficeName) 
Post Office Box (postOfficeBox) 

Postal Address (postalAddress) 

Postal Code (postalCode) 

State or Province Name (st) 

Street Address (street) 

Surname (sn) 

Telephone Number (telephoneNumber) 

Title (title) 


Migrating Data to a POSIX File System 


This section provides information on migrating data from source NSS volumes to a POSIX file system 
such as EXT3 or Reiser on a target server. 


+ “Mapping Users, Groups, and File Attributes to POSIX” on page 125 


+ “Example” on page 126 


¢ “Limitations” on page 127 


Mapping Users, Groups, and File Attributes to POSIX 


In this type of migration, eDirectory users and groups are migrated to POSIX. The useradd and 
groupadd commands are used to create the POSIX users and groups corresponding to their 
eDirectory equivalents, and the NetWare file attributes are mapped to the POSIX rwx permissions. 


Objects in eDirectory with an objectClass of Organization, groupOfNames, or organizationUnit are 
mapped to POSIX groups. Those with objectClass organizationalPerson are mapped to POSIX 


users. 
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Because POSIX user and group names are more restrictive than eDirectory object names, the 
following conventions are used to map the common name (cn) of the objects to POSIX: 


+ Names with 32 or more characters are truncated to 31 characters in length. 


+ Characters not belonging to the POSIX portable character class ([A-Za-z_] [A-Za-z0-9_-.] * [A- 
Za-z0-9_-.$]) are replaced by an underscore ( _ ) character. 


For more details about POSIX names, see the man page for the useradd command. 


NetWare file attributes are mapped as shown in Table 17-2. 
Table 17-2 Mapping NetWare Attributes to POSIX Permissions 


NetWare Attribute POSIX Permissions 


No attributes set rw_ 


Read Only and Hidden 


Read Only r 


Hidden W. 


For directories, the execute bit for the owner is set. 


NOTE: These mappings are based on NetWare attributes, not trustee rights. Administrators should 
evaluate the post-migration POSIX permissions and make adjustments as necessary to maintain 
suitable data security for users. 


1 Run the migfiles command to copy the data from the source to the target server. 


2 (Conditional) If you need to modify the home directories of the migrated users, run the following 
three commands in the order specified: 


mls 
maptrustees 
migtrustees 


3 Run the following commands in the order shown: 


mls 
maprights 
migrights 


Example 


The following example shows how to migrate data to a POSIX file system. 


1 Create a list of files and trustees on volume SRCVOL: 
mls -s 192.168.1.3 -V SRCVOL > mls.yaml 
2 Map the trustees on the source server and output the list to a file: 
maptrustees -s 192.168.1.3 -p -H /data/home/ mls.yaml > maptrustees.yaml 


The -H option replaces the home directory of the source server user with the new home directory 
specified by -H option. The -H option is a path to the base directory that includes all the home 
directories. If the users don’t have home directories, this option doesn’t need to be used. 


3 Migrate the trustees to the target server: 
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migtrustees -p --specific-password novell maptrustees.yaml 


If you want to assign users with random password, use the - -random-password option, it stores 
the new passwords in an output file. To avoid password theft, dispose of the password file in a 
secure manner after you have communicated the new passwords to their respective users. 


4 Migrate the data from the volume SRCVOL on the source server with IP address 192.168.1.3 to 
the target POSIX path: 


migfiles -s 192.168.1.3 -V SRCVOL -x /path/to/copy --no-trustees -pi 
Substitute the desired target POSIX path for /path/to/copy. 


Users must be migrated before migrating data volumes. Repeat Step 1 to Step 3 for migrating 
trustees. 


5 Map the trustee rights on the source server: 


maprights -p -V SRCVOL1 -x /path/to/copy -m maptrustees.yaml mls.yaml > 
maprights.yaml 


6 Migrate the trustee rights to the target server: 
migrights -p maprights.yaml 
Repeat Step 4, Step 5, and Step 6 for each source volume being migrated. 


Limitations 


Sparse files are copied as normal files when migrated from NSS to POSIX. This is because of a 
known limitation from the POSIX perspective. Sparse files are generally supported on restore by 
restoring the data areas to sparse locations in the file system. The file system then determines 
whether or not to preserve the sparse nature of the file. POSIX file systems do not preserve the 
sparse nature of sparse files. 


File System Migration Commands 


The migration tool include several command line tools for file system migrations. Each tool performs 
a subtask of the migration by taking the required input and outputting the converted output or results 
to stdout. Table 17-3 lists the commands that are available for file system migrations. 


Table 17-3 File System Migration Commands 


Command Description 

mls Lists all files in source NSS path, with associated trustees, rights, and quotas. 
migmatchup Matches users and groups from the source server to the target server. 
maptrustees Maps users and groups from the source server to the target server specifications. 
migtrustees Creates users and groups on the target server based on the output generated by the 


maptrustees command. 


migfiles Copies files and folders from a source server to a target server. 

maprights Maps NetWare NSS/Traditional or OES NSS file system rights to OES 2015 or later file 
system rights. 

migrights Sets file rights on the target server as defined by the output from the maprights 
command. 

migcred Establishes persistent credentials for the migration utilities. 
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The sections that follow discuss these commands and their options in greater detail. You can also 
refer to the respective man page for each command or use the -h (- -help) and - -usage options. 


mis 


The mls command lists files and associated trustees, rights, and quotas from source servers. The 
output from this command is used as input for both maprights and maptrustees. 


To gather the required information for NetWare Traditional or NSS volumes, mls copies tcnvlnx.nim 
to the NetWare server. To gather this information for OES NSS volumes, it uses 
the. trustee_database. xml file in the ._ NETWARE directory. 


Syntax 


mls -s -V|-X [--continue-after-failover] [-e] [-c] [--precheck] [--update-ifnewer] [--progress] [--progress- 
interval] [--use-casa] [--source-unsecure-ldap] [--source-Idap-port] [--debug] [--modified-after] [-- 
modified-before] [--accessed-after] [--accessed-before] [--no-dirquotas] [--no-userquotas] 


Options 


Option Long Form 


Purpose 


-S --source-server Specifies the source server’s IP address. 
Example: -s 192.168.1.3 
-V --source-path Specifies the volume or directory path to use on the source server. 
Examples: -V NSSVOL 
-V VOL1:/apps/data 
-X --source-full-path Indicates the full path of the volume to use on the source server. 
--continue-after- Specifies that mls continues migration after a resource failover. 
failover 
-e --exclude Excludes filter on files to be copied. Use this multiple times for excluding 


multiple file types (eg. -e "*.mp3" -e "*. tmp"). 


[ - -use-casa] 


Uses CASA to store and retrieve usernames and passwords. 


--source-unsecure- 
Idap 


Uses unsecure LDAP connection for all LDAP calls. By default mls uses 
secure LDAP. 


--source-Idap-port 


Uses the specified port for LDAP calls. By default, it uses port number 389 for 
unsecure LDAP and 636 for secure LDAP. 


--session-file 
--progress 
--progress-interval 
--debug 


--precheck 


These options are explained in the Additional Migration Options. 


--modified-after 


Scans files which are modified after this date. 


--modified-before 


Scans files which are modified before this date. 
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Option Long Form Purpose 
--accessed-after Scans files which are accessed after this date. 
--accessed-before Scans files which are accessed before this date. 
--no-dirquotas Directory quota information is not listed. 
--no-userquotas User quota information is not listed. 
migmatchup 


The migmatchup command uses input from the mls command to produce a mapping of users and 
groups from the source server to those on the target server. It uses ldapsearch to retrieve the user 
and group data from the source and destination LDAP server. 


Objects can be excluded from migration by specifying them in the global /etc/opt/novell/ 
migration/obj -exclude-list.conf file or a custom exclude file can be specified using the -E 
option. The global exclude file has entries to not migrate NetWare specific user like 
"cn=admin,ou=Tomcat-Roles,*". If a custom exclude file is specified then the global exclude file is not 


read. 


Syntax 


migmatchup -s -d -k [-E] [-c] [--progress] [--progress-interval] [--debug] [-- 
precheck] [--use-casa] [--source-unsecure-ldap] [--source-ldap-port] [-- 
destination-unsecure-ldap] [--destination-ldap-port] <inputfile> 


Options 


Option Long Form 


-S 


-d 


--source-server 
--destination-server 


--destination-Idap- 
container 


--obj-exclude-file 


--session-file 
--progress 
--progress-interval 
--debug 
--precheck 
--use-casa 


--source-unsecure-ldap 


Purpose 


Specifies the source server's IP address. 
Specifies the target server's IP address. 


Options to specify LDAP container to be searched for finding matching 
users and groups. 


Excludes the objects listed in this file from migration. The entries can 
contain pattern with wild cards * and ?. Refer to the object exclude file / 
etc/opt/novell/migration/obj-exclude-list.conf for more 
details. 


These options are explained in the Additional Migration Options. 


Uses CASA to store and retrieve usernames and passwords. 


Uses unsecure LDAP connection for all LDAP calls. By default migfiles 
uses secure LDAP. 
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Option Long Form Purpose 


--source-Idap-port Uses the specified port for LDAP calls. By default, it uses port number 
389 for unsecure LDAP and 636 for secure LDAP. 


--destination-unsecure- Uses unsecure LDAP connection for all LDAP calls. By default migfiles 
Idap uses secure LDAP. 
--destination-Idap-port Uses the specified port for LDAP calls. By default, it uses port number 


389 for unsecure LDAP and 636 for secure LDAP. 


inputfile Indicates the output file produced from the mls command from stdin. 


Example 
This example illustrates matching users and groups from source server to a target server: 


migmatchup -s 192.168.1.3 -d 192.168.1.4 -k o=company mls.yaml 


maptrustees 


The maptrustees command maps the users and groups from the source server’s tree or domain to 
the target server’s specifications. It uses input from mls to produce and map user and group data 
from the source server. You must use maptrustees when migrating data to a different tree or when 
migrating users and groups to a different context. 


By default, maptrustees maps users and groups into a new target tree. The target file server should 
be in the same tree as the LDAP target server. You can use the -k option to map users and groups 
into a single target container. 


The maptrustees command can also be used to map users and groups to POSIX users and groups 
in /etc/passwd and /etc/group. It uses ldapsearch to retrieve the user and group data from the 
source LDAP server. The source LDAP server should be in the same tree as the source file server 
that produced the mls output. 


Syntax 


maptrustees -s [-H] [--map-homedir-only] [-p] [-k] [--matchup-file] [-g] [-E] [-- 
use-casa] [--source-unsecure-1dap] [--source-ldap-port] [--debug] [--precheck] [- 
c] [--progress] [--progress-interval] <inputfile> 


Options 
Option Long Name Purpose 
-S --source-server Specifies the source server’s IP address. 
Example: -s 192.168.1.3 
[ -H] - -homedir Specifies the path to the directory for migrating user’s home 


directories. This option is used to map users’ home directories to the 
new path on the target server. 


Example: -H /media/nss/nssvol1/homedir 
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Option 


Long Name 


[--map-homedir-only] 


Purpose 


This option is used when source and destination servers are in same 
tree. This option forces maptrustees to generate only home directory 


information of users, so that migtrustees can just modify home 
directories of users. You must also pass --homedir(-H) option along 
with this option. 


[-p] [--posix] Maps users and groups to /etc/passwd and /etc/group on the 
OES server. Default is LDAP, if no mapping option is specified. 
[-k] [--destination-ldap- Specifies the container where all users and groups are to be 
container ] migrated. 
Example: -k ou=merged, o=company 
--matchup-file Specify a user matchup file as generated by migmatchup. 
[-g] [--primary-group ] Specifies the primary POSIX group for migrated users. If not 
specified, the default primary group is “users.” 
Example: -g migrated-users 
The specified group must be created before you run the 
migtrustees command, because migtrustees does not create 
the group. 
[--use-casa] Uses CASA to store and retrieve usernames and passwords. 
--source-unsecure-ldap Uses unsecure LDAP connection for all LDAP calls. By default 
migfiles uses secure LDAP. 
--source-Idap-port Uses the specified port for LDAP calls. By default, it uses port 
number 389 for unsecure LDAP and 636 for secure LDAP. 
[-E] [--obj-exclude-file] Excludes from migration the objects listed in the specified file. 
Example: -E excludefile.txt 
If this option is used, the global exclude file is not read. See 
“Excluding Objects” on page 132 for more information. 
[-c] --session-file These options are explained in the Additional Migration Options. 
--progress 
--progress-interval 
--debug 
--precheck 
inputfile Indicates the output file produced from the mls command or from 
stdin. 
Examples 


¢ This first example illustrates mapping users and groups to the same container in the target tree 
as in the source tree: 


maptrustees -s 192.168.1.3 mls.yaml 


The example assumes you have the same tree structure in the target tree as in the source tree. 
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+ This next example illustrates mapping users and groups to a new container in the target tree, 
using the output from the mls command: 


maptrustees -s 192.168.1.3 -k ou=merged, o=company mls. yaml 


A new container named ou=merged,o=company is created in the target tree, and all migrated 
users and groups are created within that container. 


¢ This third example illustrates mapping users to /etc/passwd and /etc/group in a POSIX 
environment and redirect the output to maptrustess.yaml file: 


maptrustees -s 192.168.1.3 -p mls.yaml > maptrustees.yaml 


Excluding Objects 


When generating the list of users and groups to be mapped to the target tree, maptrustees reads the 
obj-exclude-list.conf file in the /etc/opt/novell/migration/ directory and excludes the 
eDirectory objects listed in that file. 


The global exclude file includes entries for NetWare objects, such as cn=admin,ou=Tomcat-Roles. 


If you find that objects are being migrated from your source eDirectory tree that you do not want to 
appear in the target tree, you can add the objects to the obj -exclude-list.conf file. Use fully 
distinguished object names in LDAP (comma-delimited) format. For example: 


cn=testuser, ou=users, o=novell 


NOTE: NCP Server objects that are assigned as file system trustees are not migrated in a tree-to- 
tree migration. 


migtrustees 


The migtrustees command uses input from maptrustees to create users and groups in the target 
tree. It uses ldapadd and ldapmodify to make the changes on the target LDAP server. 


If the -p (- -posix) option has been specified in maptrustees, migtrustees uses useradd and 
groupadd to create users and groups in /etc/passwd and /etc/group. 


If the -g (- -primary-group) option was specified in maptrustees, the specified group must already 
exist or it must be created before running migtrustees. 


Syntax 


migtrustees -d [-i] [-A] [-m] [-p] [-r] [--use-casa] [--destination-unsecure-1dap] 
[--destination-ldap-port] [--debug] [--precheck] [-c] [--progress] [--progress- 
interval] [--specific-password] [--newusers-password-file] <inputfile> 


Options 

Option Long Form Purpose 

-d --destination-server Specifies the target server's IP address (not needed for POSIX 
migrations). 
Example: -d 192.168.1.5 

[-i] [--verbose] Prints verbose information regarding the user and group migration 


status. 
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Option Long Form Purpose 

[-A] [--audit] Audits the results of the user and group migration. 

[-m] [--modify-existing] Modifies or updates users or groups if they already exist. 

If you do not include the -m option, the migtrustees command 
displays user exists errors if a User object being migrated is already 
present in the target eDirectory tree. In this case, no modifications are 
made to the User object in the target tree. 

[-p] [--posix] Creates POSIX users and groups on destination server. Default is 
LDAP. 

--use-casa Uses CASA to store and retrieve usernames and passwords. 

--destination-unsecure-ldap | Uses unsecure LDAP connection for all LDAP calls. By default, migfiles 
uses secure LDAP. 

--destination-Idap-port Uses the specified port for LDAP calls. By default, it uses port number 
389 for unsecure LDAP and 636 for secure LDAP. 

[-c] --session-file These options are explained in the Additional Migration Options. 

--progress 

--progress-interval 

--debug 

--precheck 

[-s] --specific-password Specify the password for newly created users. You must note the 
password so that it can be forwarded to individual users. 

If the specific password or random password option is not specified, 
then the users are created but locked until you assign a password. 

[-r] --random-password Generate random passwords for new users created on the target 
server. When using this option, you must always pass the --newusers- 
password-file option so that the randomly generated passwords and 
usernames are stored in the file. 

--newusers-password-file The newly created usernames along with passwords are stored in the 
file specified with this option. This option must be passed with the -- 
random-password option 
If the specified file exists, migtrustees appends the file else it creates a 
new file with read-only permission. 

inputfile Indicates the output file produced from the maptrustees command or 
from stdin. 

Examples 


+ To migrate users and groups to a target tree, using an LDAP server with the IP address of 


192.168.1.4 in the target tree: 


migtrustees -d 192.168.1.4 -s novell maptrustees.yaml 


+ To audit the outcome of a trustee migration: 


migtrustees -d 192.168.1.4 -A -s novell maptrustees.yaml 
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+ To migrate users and groups to POSIX with verbose information: 


migtrustees -i -p -s novell maptrustees.yaml 


migfiles 


The migfiles command copies files from NetWare Traditional or NSS volumes to target NSS, NCP, 
or POSIX paths. It uses the Novell Storage Management Services (SMS) framework to migrate file 
data and metadata. 


When the migration is between two servers in the same eDirectory tree, migfiles copies the 
trustees and rights information along with the file data. When migrating data to a server in a different 
tree, migfiles copies only the file data. You must use other commands such as mls, maptrustees, 
migtrustees, maprights, and migrights to migrate the trustees and rights information. 


Syntax 


migfiles -s [-p] [-i] -v|-x -V|-X [--continue-after-failover] [--disable-login] [- 
P] [-e] [--exclude-path] [-c] [--no-trustees] [--trustees-only] [--delete- 
existing-trustees] [--use-casa] [--source-unsecure-ldap] [--source-1dap-port] [-- 
debug] [--precheck] [--progress] [--progress-interval] [--demigrate-files] [-- 
never-overwrite] [--update-ifnewer] [--modified-after] [--modified-before] [-- 
accessed-after] [--accessed-before] [--usecodeset] [--no-dirquotas] [--no- 
userquotas] [--sync] [--delete] [--delete-file-on-restore-error] [--ignore-quota- 
checking] [--trustees-dirs-only] 


General Options 


Option Long Form Purpose 


-S --source-server Specifies the source server’s IP address. 


Example: -s 192.168.1.3 


[-p] [--posix] Specifies that the target is a POSIX path. (If not specified, the default 
target type is NCP over POSIX.). 

[-i] [--verbose] Prints verbose file migration status. 

-V --source-path Specifies the source path, in VOLNAME or VOLNAME:/path format. 


Example: -V NSSVOL -V VOL:apps/data -V winshare 


@srcpathfile Specifies the source file that includes multiple source paths and is 
prefixed with a symbol (@). 


Example: -V @srcpathfile 


-V --destination-path Specifies the volume on the target server where the files are copied. 
This option cannot be used with the -x option. 


Example: -v VOL1 
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Option 


Long Form 


Purpose 


-X --destination-full-path Specifies the target path for copying NSS, NCP, or POSIX data. This 
option cannot be used with the -v option. 
Example: -x /media/nss/TEST 
@destpathfile Specifies the target file that includes corresponding target paths and is 
prefixed with a symbol (@). 
Example: -x @destpathfile 
-X --source-full-path Specifies the source path for copying NSS, NCP, or POSIX data. This 
option cannot be used with the -V option. 
Example: -X /media/nss/TEST 
--continue-after-failover Specifies that migfiles continue migration after a resource failover. 
--disable-login New logins to source server are disabled during data migration. 
-- never -overwrite Do not overwrite files that already exist on the target server. 
[-e] [--exclude] Sets an exclude filter on files to be copied. Use this option multiple 
times to exclude multiple file types. 
Example: -e "*.mp3" -e "*.tmp" 
--exclude-path Excludes the directory with the specified source path from migration. 
Use this multiple times for excluding multiple directories or files. 
--use-casa Uses CASA to store and retrieve usernames and passwords. 
--source-unsecure-ldap Uses unsecure LDAP connection for all LDAP calls. By default, 
migfiles uses secure LDAP. 
--source-Idap-port Uses the specified port for LDAP calls. By default it uses port number 
389 for unsecure LDAP and 636 for secure LDAP. 
[-c] --session-file These options are explained in the Additional Migration Options. 
--progress 
--progress-interval 
--debug 
--precheck 
--no-trustees Do not migrate trustees. 
--trustees-only Migrate only the trustees. New trustees added to the source server are 
migrated to the target server. 
--delete-existing-trustees Trustees that do not exist on the source server are deleted from the 
target server. You must use this option with --trustees-only option. 
--demigrate-files Migrates the data of HSM migrated files. By default, only stubs are 
migrated. 
--update-ifnewer Updates the file on the target server with the new data from the file on 
the source server. 
-u --modified-after Migrates files which are modified after this date. 


--modified-before 


Migrates files which are modified before this date. 
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Option Long Form 


--accessed-after 


Purpose 


Migrates files which are accessed after this date. 


--accessed-before 


Migrates files which are accessed before this date. 


--usecodeset 


Code page value of the source server. This option is applicable only 
for NetWare 5.1 server. 


--no-dirquotas 


Do not migrate directory quotas. 


--no-userquotas 


Do not migrate user quotas. 


[--sync] Synchronizes source server and target server. Migrates files from the 
source server that are not available on the target server or is modified 
after the date given. 

[--delete] Synchronizes source server and target server. You must use this 


option with --sync option. Files that do not exist on the source server 
are deleted from the target server. 


[--delete-file-on-restore-error] 


Deletes partially restored or O byte files that are created during 
synchronization . 


--ignore-quota-checking 


Disables quota checking on the target server. When migration is 
completed, migfiles enables quota checking. 


--trustees-dirs-only 


Synchronizes trustees only at the directory level. Trustees for files are 
not synchronized. This option must be used only with the --trustees- 
only option or with the sync options. 


NetWare to Linux Migration Options 


The following options can be used only in NetWare-to-Linux migrations. 


Option Long Form 


[-c] [--session-file] 
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Purpose 


Stores the migration’s progress, including the date and time of the 
migration, the source and target IP addresses, and the source and 
target volume names, in the specified session file. 


Example: -c "status.log" 


This file can be used to resume a previously halted migration job. If an 
absolute or relative path is not specified with the filename, migfiles 
searches the current working directory for the file. If the specified file 
does not exist, all files are migrated. See “Multi-Session Migration” on 
page 137 for more information. 


Option Long Form Purpose 


[-u] [--update] Migrates files newer than the date specified with this option. See 
“Updating Modified Files” on page 138 for more information. 


This option supports date/time inputs in the following formats: 
"96d -%m-%Y %H:%M:%S" 
"%d -%m-%Y %H:%M" 


where d, m, Y, H, M, and S are format variables of standard Linux date/ 
time implementations. The supported formats can be extended by 
using the DATEMSK environment variable. The DATEMSK 
environment variable must be sent to the file path pointing to the date/ 
time formats to support. See getdate(1) and strptime(3) for more 
information on using DATEMSK. 


[--no-trustees ] Excludes trustees while migrating file system data. 

[--demigrate files] Migrates the data of HSM-migrated files. By default, only stubs are 
migrated. 

[--update-ifnewer ] Updates the file if the file on the source server is newer than the file on 


the target server. This option is applicable only for data migration. 


Multiple Source Path Migration 


This command migrates the source paths listed in the source file srcpathfile to corresponding 
target paths listed in the target file destpathfile. Pass the srcpathfile with -V and destpathfile 
with -x option prefixed with a symbol (@). The sample IP address is 192.168.1.3 of the source server. 


Source Paths in srcpathfile Target Paths in destpathfile 
DATA:DEPT/finance /media/nss/DATA/finance 
DATA:DEPT/legal /media/nss/DATA/legal 


migfiles -s 192.168.1.3 -V @srcpathfile -x @destpathfile -i 


Progress Indicator 

While the migfiles command is running (without the -i option), a pound (#) character is displayed 
for every 100 files migrated. 

Multi-Session Migration 


The -c or --session-file option of the migfiles command allows you to stop the migration 
partway through and then continue it later from where it left off. This is especially useful when 
migrating large data volumes that might take several working days to copy and that must remain 
online during the migration. 


For example, the following command stores the migration’s progress and other metadata in a session 
file named V1-to-V1 090907: 


migfiles -s 192.168.1.3 -v VOL1 -V VOL1 -ni -c "V1-to-V1 090907" 


To terminate the migration session at any time, press Ctrl+C. You can resume the session later by 
reentering the migfiles command by passing the same session file V1-to-V1 090907 
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Updating Modified Files 


Another useful option for the migfiles command is the -u or --update option. This option lets you 
specify a date and time, then migfiles copies only files that have been modified after this date and 
time. This option must be used after completing a multi-session migration described above to update 
all the files modified by users during the migration. The session file contains the data and time at 
which the migration started. 


For example, the following command updates all the files on the target volume that have been 
modified at the source after 9 September 2008 at 12:30: 


migfiles -s 192.168.1.3 -v V1 -V V1 -ni -u "9-09-2007 12:30" 


maprights 


The maprights command gleans file system rights information from the mls output and maps the 
rights to a specified volume or path on the target server. You can specify a mapping to NSS, NCP, or 
POSIX rights. 


If the target server is in a different tree and users and groups are in new containers, you can use the 
-k option to migrate the users and groups into a specified container in the target eDirectory tree. 


Syntax 


maprights -V [-p] -v|-x [-k] [--matchup-file] [-m] [--debug] [--precheck] [-c] [-- 
progress] [--progress-interval] <inputfile> 


Options 


Option Long Form 


Purpose 


-V --source-path Specifies the volume or directory path to use on the source server. 
Examples: -V NSSVOL 
-V VOL1:/apps/data 
[-p] [--posix] Maps user rights to POSIX file system access rights. 
-V --destination- Specifies the volume on the target server where the rights information is 
path mapped. This option cannot be used with the -x option. 
Example: -v NSSVOL 
-X --destination- Specifies the volume path on the target server where the rights information is 
full-path mapped. You must use -x in maprights if you have used -x in migfiles. 
[-k] [--destination- Specifies an eDirectory container where all users and groups are to be 
ldap-container] migrated. You must use -k in maprights, if you have used -k in 
maptrustees. 
Example: -k ou=users, o=company 
[--matchup-file] Specify a user matchup file as generated by migmatchup. 
[-m] [--maptrustees- Specifies the name of the maptrustees file associated with this maprights 


file] 


migration (required for POSIX rights mapping). 


Example: -m maptrustees.yaml 


Migrating File Systems to OES 2015 SP1 


Option Long Form Purpose 


input file Indicates the name of the output file produced from the mls command or from 
stdin. 
[-c] --session-file These options are explained in the Additional Migration Options. 
--progress 


--progress-interval 
--debug 


--precheck 


migrights 
The migrights command uses input from maprights to set file rights on the target server. All details 


for setting rights are stated in the input file. migrights uses this information to set the rights 
appropriately on the target file system. 


Syntax 


migrights [-i] [-A] [-t] [-p] [--debug] [--precheck] [-c] [--progress] [--progress- 
interval] <inputfile> 


Options 

Option Long Form Purpose 

[-i] [--verbose] Prints verbose rights migration status. 

[-A] [--audit] Audits the results of the file rights migration. 

[-t] [--test] Performs a test run of the rights migration operation. 

[-p] [--posix] Indicates that the destination path is POSIX. 

[-c] --session-file These options are explained in the Additional Migration Options. 
--progress 


--progress-interval 


- -debug 
- -precheck 
inputfile Indicates the output file produced by the maprights or from stdin. 
[- -debug] Prints debug messages to the migrights log file located at /var/ 
opt/novell/log/migration/. 
Examples 


+ To set rights on the target file system with verbose output: 


migrights -i maprights.yaml 


+ To audit the outcome after setting rights on the target file system: 
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migrights -i -A maprights.yaml 


+ To perform a test run with the output from maprights and see if the files and users exist in the 
target tree. The test results are being directed to migrights-t.yaml: 


migrights -i maprights.yaml -t > migrights-t.yaml 
migcred 
The migcred command can be used to store, retrieve, and delete persistent credentials for the other 
file system migration commands. It uses CASA to store credential details of an identity. Amigcred 


identity can be a server IP address. With each identity, a type of user name (for example, LDAP, NDS 
Distinguished Name, or e-mail name) is stored along with an associated password. 


Syntax 
migcred -i -1|-n|-N|-c|-o|-e [-w] [-r] [-d] [--debug] 


Options 


Option Long Form Purpose 


-i --id Specifies the identity or key to identify the credential. 
Example: -i 192.168.1.3 

-1 - -1dap-dn Specifies credential details in LDAP format. 
Example: -1 cn=admin, o=company 

-n --nds-dn Specifies credential details in NDS_DN format. 
Example: -n admin.company 

-N --nds-fdn Specifies credential details in NDS_FDN format. 
Example: -N cn=admin.o=company 

-C --cn Specifies credential details in Common Name (CN) format. 
Example: -c John Smith 

-0 --other Specifies credential details in a non-specified format. 

-e --email Specifies credential details as an e-mail address. 
Example: -e admin@company.com 

[ -w] [ - -password] Retrieves a stored password. 

[-r] [ --retrieve] Retrieves credential details of an identity. 

[-d] [--delete] Deletes the credentials of an identity. 

[--debug] Print debug messages to the migcred log file. The log file is located at /var/ 

opt/novell/log/migration/ 

Examples 


+ This example illustrates storing the credential details of identity 192.168.1.3 in LDAP format. The 
command prompts for credential details, which should be entered in LDAP format 
(cn=admin,o=mycompany): 
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migcred -i 192.168.1.3 -1 

¢ This example illustrates retrieving credentials after they have been stored: 
migcred -i 192.168.1.3 -1 -r 

+ This example illustrates deleting credential details of identity 192.168.1.3: 
migcred -i 192.168.1.3 -d 


Additional Migration Options 


The Migration Tool provides additional options to be executed with file system migration utilities. 


You can execute these commands with file system migration utilities. Table 17-4 lists the additional 
options that are available for file system migrations. 


Table 17-4 Additional Migration Options with File System Commands 


Option Description 

--session-file Stores migration progress. This file is used to continue migration. 

--progress Displays the progress (in terms of percentage) of the command being 
executed. 

--progress-interval Specifies the time interval for displaying the progress of a command. 

- -debug Executes the command in a debug mode and creates a log file. 

--precheck Validates the arguments passed in a command. 


Session File 


A session file stores the status of a command, checkpoint information of a command (the point at 
which the execution of command was stopped), and parameters for validating the session file. You 
can create a session file by executing a command with --session-file option. 


An example to create a session file for the migfiles command: 


migfiles -s 192.168.1.3 -iV src_volume -v dest_volume --session-file /home/ 
migfiles_session.session 


This command migrates data from the source NSS volume src_volume to the target NSS volume 
dest_volume. You can stop the command and re-execute it at a later stage. On executing the 
command at a later stage, the migfiles_session.session file is taken as an input and the 
migfiles command starts at the point when it was last stopped. 


For example, your source volume contains 50 GB of data and after migrating 40 GB of data, migration 
was stopped. On re-executing the migfiles command, the remaining 10 GB of data is migrated. 


Sample Session File: 
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src-server: 192.168.1.3 
dest-server: 192.65.1.2 
src-path: "DFS:" 

dest-path: "/media/nss/vOL1/" 
started-on: "18-7-2008 16:8:15" 
status: stopped 

stopped-at: "DFS:db/" 

Bytes Processed: 22 


Progress 


The --progress command can be executed with any command to display the progress of the 
command being executed. 


To view progress on executing the migtrustees command: 
migtrustees -d 192.168.1.3 maptrustees.yaml -i --progress 
Output of the command: 

Created 200 trustees of 500 


When you execute the migtrustees command with the - -progress option, it displays the progress 
of trustee creation. You can set the time to display the progress by specifying the - -progress- 
interval option. 


Progress Interval 


The --progress-interval option is used along with --progress option to specify the time interval 
for displaying the progress of a command. The default time interval is 30 seconds for refreshing the 
progress of a command. 


To view progress every 10 seconds on executing the migtrustees command: 
migtrustees -d 192.168.1.3 maptrustees.yaml -i --progress --progress-interval 10 


The migtrustees command refreshes the progress every 10 seconds. 


Debug 


The --debug option executes the command in debug mode and creates a log file in /var/opt/ 
novell/log/migration folder. 


To execute mls command in debug mode: 
mls -s 192.168.1.3 -V src_volume --debug 


This command creates an mls. log file that is stored in the /var/opt/nove11/10g/migration folder. 


Precheck 
The --precheck option validates the arguments passed in a command. 
To execute the migfiles command: 


migfiles -s 192.165.1.1 -iV src_volume -v dest_volume --precheck 
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On executing this command, the - -precheck option validates the existence of the src_volume and 
dest_volume on the source server and the target server. The command authenticates to the source 
server and target server and also checks if SMS is running on the target server. 


Troubleshooting 


+ “Same Tree Scenario” on page 143 
¢ “Different Tree Scenario” on page 144 
+ “General Issues” on page 144 


Same Tree Scenario 


+ “The Migration Tool File System GUI, Volume Information Tab Displays Empty Boxes for Non- 
English Directory Names.” on page 143 


+ “Error nbackup: open file” on page 143 
¢ “Error nbackup: execute only files” on page 143 


¢ “Error nbackup: A file cannot be read and nbackup: Failed to read dataset” on page 143 


The Migration Tool File System GUI, Volume Information Tab 
Displays Empty Boxes for Non-English Directory Names. 


In the migration tool file system GUI, Volume Information tab displays empty boxes for non-english 
directory names.This issue occurs if the corresponding language is not installed on the source server. 


To install fonts for non-english languages, run yast2 language, and select languages in the 
Secondary Languages pane. After installing required languages, restart the migration project. 


Error nbackup: open file 


Open files on the source server are not migrated. If files are open, they are not migrated because this 
causes data inconsistencies. 


Close the files and then perform migration. 


Error nbackup: execute only files 


nbackup encountered files with the Execute-only bit set. By default, these files are not copied. 


If you want to copy the Execute-only files, use the tsafs /ExcludeExecute0nly=0 setting on the 
source NetWare server. 


Error nbackup: A file cannot be read and nbackup: Failed to read 
dataset 
Source volumes or the target volumes are unavailable or are renamed during migration. 


Do not rename volumes when migration is in progress. If migration stops because a volume is 
unavailable, ensure that the volume is properly activated and mounted, then restart the migration 
project. 
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Different Tree Scenario 


+ “Ownership Information is Changed on Migrating from NSS to NCP” on page 144 


Ownership Information is Changed on Migrating from NSS to NCP 


If the ownership information is changed on migrating from NSS to NCP, make sure you LUM-enable 
the users that are migrated into the target eDirectory tree before you run the migfiles command. 


If you LUM-enabled the users that were migrated into the target eDirectory tree and still don't see the 
proper ownership information (for example, the owner is nobody as viewed in POSIX, or the server 
name as viewed by the Novell Client), try the following: 

1 At the OES server terminal prompt, enter namcd cache_refresh. 

2 Synchronize the eDirectory replicas by using DSREPAIR. 

3 Enter nsscon /resetidcache. 

4 To verify the information of the owner, enter: 

ls -l /usr/novell/NCP1 


General Issues 


¢ “File System Migration Fails with FATAL error: nbackup command failed to complete” on 
page 144 


+ “File System Migration Fails When TSAFS is Set to Netware Mode on a OES11 Server” on 
page 144 


+ “When You Configure the File System GUI, an Error is Displayed that the Volumes on the Source 
Server (NetWare 6.0 or Later) are Not Mapped” on page 145 


+ “When You Start Migration, an Error is Displayed and Migration Fails” on page 146 
+ “Migration Fails Due to Failure of the migtrustees Command” on page 146 

+ “Not Getting the Code Page and Non-English Characters” on page 147 

+ “Source Cluster Volumes are Not Displayed” on page 147 

¢ “Files or Trustees are Not Synchronized” on page 147 


File System Migration Fails with FATAL error: nbackup command 
failed to complete 


There might be two admin users in the system (local admin user and eDirectory admin user). The 
failure was caused because the local admin user which does not have permission was trying to 
perform file system migration. 


To resolve this issue, delete or rename the local admin user, then perform file system migration. 


File System Migration Fails When TSAFS is Set to Netware Mode on 
a OES11 Server 


To resolve this issue, set the parameter tsamode to Linux in the /etc/opt/novell/sms/tsafs.conf 
file. 
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When You Configure the File System GUI, an Error is Displayed that 
the Volumes on the Source Server (NetWare 6.0 or Later) are Not 
Mapped 


If the Novell Client fails, the volumes on the source server are not mapped. The file system migration 
does not depend on the Novell Client commands, but it uses nwmap to map the source volumes. The 
details of the error is logged in /var/opt/novell/migration/<project name>/log/ 

filesystem. log. 


To troubleshoot this issue, perform the following: 


1 Verify the status of the Novell Client by entering the following command: 


rcnovfsd status 


la If the service is running, restart the service by entering the following command: 


1b 


rcnovfsd restart 
or 
If the service is not running, start the service by entering the following command: 
rcnovfsd start 


To configure the file system, select the file system and click Configure. 


2 (Conditional) If the error is displayed again, verify the status of novell-xregd service by entering 
the following command: 


rcnovell-xregd status 


2a If the status is running, restart the service by entering the following command: 


2b 


2c 


rcnovell-xregd restart 

or 

If the status is not running, start the service by entering the following command: 
rcnovell-xregd start 

Restart the Novell Client by entering the following command: 

rcnovfsd restart 


To configure the file system, select the file system and click Configure. 


3 (Conditional) If the error is displayed after restarting novfsd and novell-xregd services, refer to 
the log file to verify if the Novell Client has failed to resolve the IP address. 


3a 


3b 


3c 


If the IP address was not resolved, create a /etc/opt/novell/ncl/protocol.conf file 
and add the following line in it: Name_Resolution_Providers=NCP, SLP, DNS 


Restart the Novell Client by entering the following command: 
rcnovfsd restart 


To configure the file system, select the file system then click Configure. 
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When You Start Migration, an Error is Displayed and Migration Fails 


When you click Start in the main migration window, migration fails and you receive the error that no 
data sets are found. 


+ “Source Server is OES 2 SP3 or OES 11” on page 146 


Source Server is OES 2 SP3 or OES 11 


Migration might fail if there is some problem during the setup and zapi is not loaded on the source 
server. To troubleshoot this issue, perform the following: 
1 Verify that zapi is loaded on the source server by executing the following command: 
lsmod | grep zapi 
2 (Conditional) If zapi is displayed in the list then update the zapi. 
3 (Conditional) If zapi is not displayed in the list, restart SMDR. 
novell-smdrd restart 


4 Click on Start, to start the migration. 


Migration Fails Due to Failure of the migtrustees Command 


The migtrustees command fails with a fatal error which is recorded in the filesystem. log file. 


The migtrustees command takes input from the maptrustees. yam] file, which includes various 
attributes. Some special characters are included in the loginScript attribute of the maptrustees.yaml 
file which is not recognized by the migtrustees command causing failure in migration. 


To troubleshoot this issue, perform the following steps: 


1. Open the iManager page on the source server. 
2. Click Users > Modify Users. 
3. Select the username, which has special characters in the login script. 


For example, if you see the error for cn=testuser,ou=users,o=novell in the filesystem. log file, 
select testuser from the user list. 


. Click General > loginScript. 
. Remove the special characters from the login script. 


. Click on apply then ok. 


NX Oo Sf 


. Remove the migtrustees.session, maptrustees.session and the maptrustees. yaml files 
from the /var/opt/novell/migration/<Project name>/fs/ folder of the target server. 


This ensures that we re-execute the maptrustees command when continuing the migration 
process. 


8. Click Start on the main Migration Tool window of the target server to continue migration. 
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Not Getting the Code Page and Non-English Characters 


+ “Migrating from Netware 6.5 or Later” on page 147 


Migrating from Netware 6.5 or Later 


The language pack is not installed on the target server, so the code page and the non-English 
characters are not displayed. 


You need to install the language pack of the source server on the target server before starting the 
migration tool. 


Source Cluster Volumes are Not Displayed 


This issue occurs because the Is Cluster Resource option is not selected in Source Server 
Authentication or the cluster resource is down. 


If the Is Cluster Resource option is not selected, select the option from Source Server 
Authentication, then reconfigure. 


or 


If the Is Cluster Resource option is selected and the cluster volumes are not displayed, verify the list 
of cluster volumes by executing the following command: 


/opt/novell/sms/bin/smstool --list-cluster-volumes -R <resourceIP> -U 
<admin_credentials> 


Files or Trustees are Not Synchronized 


If files are open on the source server during synchronization, those files are not synchronized with the 
files on the target server. If trustees are deleted on the source server during or before 
synchronization, the trustees are not migrated. Ensure that you verify the following before 
synchronizing, then click Sync. 

+ No application or user is accessing the source volumes that are being copied. 


+ Select disable login in the file system GUI to restrict access to the source volumes. 
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Migrating eDirectory to OES 2015 SP1 


eDirectory migration to Open Enterprise Server (OES) 2015 or later requires the migration of the 
eDirectory data and server identity to provide seamless accessibility after migration. The eDirectory 
migration utility performs all of the pre-migration tasks, health validations and server backups, server 
migration, and post-migration tasks for you. 


The following sections give you more details on the migration procedure for eDirectory: 


+ “Planning Your Migration” on page 151 
+ “Migration Tools” on page 152 
¢ “Migration Procedure” on page 153 


+ “After the Migration” on page 154 


Planning Your Migration 


This section lists the important requirements that must be verified before attempting eDirectory 
migration. 


IMPORTANT: If the eDirectory version is 8.7.3.6 or earlier on the NetWare server, you must backup 
the sys:/system/backupcr .n1m file. 


On performing migration from Netware to OES 2015 or later, the backupcr . nlm on NetWare server is 
overwritten with the newer version. In case of failure, restore the backupcr.nlm. 


¢ “System Requirements” on page 151 
+ “Prerequisites” on page 151 

+ “Supported Platforms” on page 152 
¢ “Considerations” on page 152 


+ “Troubleshooting” on page 152 


System Requirements 


(O The target server must run OES 2015 SP1 with the migration pattern selected. 


O OES 2015 or later does not support multiple instances of eDirectory on the same server, so any 
non-default instances should not be running during migration 


(O The source server should be running and should not be part of any partition operation. For more 
information on supported source server versions, refer to the “eDirectory Coexistence and 
Migration” in the OES 2015 SP1: Planning and Implementation Guide. 


Prerequisites 


O The eDirectory migration utility can run only on the target server and must be able to access the 
source server remotely. 
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O All servers that share a replica with the server to be restored are up and communicating. This 
allows the restore verification process to check with servers that participate in the same replica 
ring. 

For more information, see “Preparing for a Restore” in the NetIQ eDirectory 8.8 SP8 
Administration Guide. 


Supported Platforms 


The eDirectory migration utility is designed to run on OES 2015 or later, which is the target platform 
for migration. For more information on the compatible eDirectory versions at the source and the 
corresponding target servers, refer to the “Prerequisites” on page 43 and “Support Matrix for NetWare 
and OES Services” on page 18. 


Considerations 


+ IP address and DNS migrations are not performed by this migration utility. 


+ Only the eDirectory instance is migrated. Applications depending on eDirectory are not migrated 
by this utility. 

+ You should not use this migration methodology if you want both the servers to be available 
during the migration operation. 


NOTE 


Only the target server is available after the Transfer ID migration. The eDirectory DIB on the 
source server is locked. Other service migrations cannot be performed after completing Transfer 
ID migration for eDirectory. The source server can be brought back by restarting the eDirectory 
server, but you should do this only if the Transfer ID migration is unsuccessful. 


Troubleshooting 


+ “Migration Issue” on page 152 


Migration Issue 
If the source server is running eDirectory 8.6.2, the following error is encountered: 


The NDS schema in this tree is out of date. You must run ndsrepair to correct it. 
Please consult the readme for further instructions. ERROR -722: Setup for NDS 
installation failed. Please make certain that you have provided the complete server 
and admin contexts. 

ERROR: /opt/novell/eDirectory/bin/ndsconfig return value = 78. 


To workaround this issue, do the following: 


On the master eDirectory 8.6.2 server, run dsrepair, Advanced Options Menu > Global Schema 
Operations, then select Post NetWare 5 Schema Update > Yes. 


Migration Tools 


The eDirectory migration can be performed independently or by using the OES migration framework. 
The complete migration task is performed by invoking the migedir command line utility. 
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Migration Procedure 


1 Run the migedir utility by entering the following command on the target server: 


migedir [-A <log directory name>] [-s <IP address>] [-t] [-h] [-i] [-u] [-a] [- 
w] [-B] [-R] 


The utility takes the following command line options: 


Option Description 

-A directory name Enables auditing. directory name specifies the directory in which log files should 
be created. 

-S IP address Specifies the IP address of the source server containing the eDirectory instance to 
be migrated. 


-t 


IMPORTANT: -s is a mandatory parameter. 
Tests the validity of the input parameters. 


NOTE: This option verifies the IP address; however, it does not perform the actual 
migration. 


Prints help about using this utility. 
Enables the verbose mode. 
Enables the unattended mode. 
Specifies the tree adminDN. 
Specifies the admin password. 
Enables the Backup Only mode. 


Enables the Restore Only mode. 


2 Follow the on-screen instructions as the utility performs the migration. 


The migration utility does some pre-migration checks, performs the migration, then does some 
post-migration tasks. 


+ 


+ 


+ 


+ 


“Pre-migration” on page 153 
“Migration” on page 154 
“Post-migration” on page 154 


“Handling Failures” on page 154 


Pre-migration 


The utility performs the following checks: 


+ The health and state of the replicas in the ring are verified. 


+ Time synchronization is verified between the source and target servers. 
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Migration 


The utility performs the migration of the eDirectory instance from the collected configuration 
information. This involves backing up the source server data, locking the eDirectory instance in the 
source server, migrating data to the target server, and restoring the eDirectory instance on the target 
server. The dependent NICI files are also migrated. 


Post-migration 
After migration, the following tasks are performed by the utility: 
+ The nds.conf configuration file is modified with the source server eDirectory instance 
information, such as tree name and server name. 
+ The eDirectory instance in the target server is restarted so it can use the new data. 


+ Network address repair is performed to start the synchronization of the new IP address in the 
replica ring. 


Handling Failures 


During migration, the database in the source server is locked to avoid multiple copies of the instance 
running on the source and target servers. Multiple copies of the same instance can lead to data 
inconsistency. If the process fails and if you intend to bring up the source server again, you need to 
perform the following tasks: 


1 Remove the partially migrated eDirectory instance on the target server. 


For more information on removing the eDirectory instance from a server, refer to the ‘Removing 
a Server Object And Directory Services From a Tree’ (http://www.novell.com/documentation/ 
edir88/edirin88/data/a79kgOw.html#bxm6fn9) in the eDirectory 8.8 Installation Guide. 


2 Bring up the source server by reloading the directory services. Make sure that the source server 
is brought up on the network only when the migration fails. The database backup and log files 
are saved in the SYS: \ folder. 


After the Migration 


After migration, the target eDirectory instance listens on the IP address of the target server and not on 
the source server’s address. It requires additional time after migration for the eDirectory instance to 
synchronize the new IP address in the replica ring. Successful eDirectory migration can be verified by 
performing eDirectory operations on the new IP address. 


If you want to use the existing security certificates, you must change the IP address of the target 
server to that of the source server. If you don’t want to do this, you must issue new certificates. 


NOTE: If you change the IP address of the target server after migration, you must modify the 
nds.conf file, restart the eDirectory instance, and repair the network address and partitions replica 
manually. For more information on repairing eDirectory instance, refer to ‘Advanced DSRepair 
Options’ (http:/Awww.novell.com/documentation/edir88/edir88/data/aflm3p7.html) in the eDirectory 
8.8 Administration Guide. 
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Migrating AFP to OES 2015 SP1 


Migration refers to the process of migrating the Novell AFP services to target OES 2015 SP1. 


For general information about the OES Migration Tool, see the Chapter 1, “Overview of the Migration 
Tools,” on page 15 


The following sections give you more details on the migration procedure for AFP. 


¢ “Migrating AFP from Netware to OES 2015 SP1” on page 155 
+ “Migrating AFP to OES 2015 SP1” on page 158 


Migrating AFP from Netware to OES 2015 SP1 


In these sections, the NetWare server is referred to as the source server and the OES 2015 SP1 
server as the target server. 


+ “Requirements” on page 155 

+ “Migration Scenarios” on page 155 

¢ “Migration Procedure” on page 156 

¢ “Verifying the Migration Process” on page 157 


¢ “Cross-Platform Issues” on page 157 


Requirements 


Make sure your source server and target server meet the following requirements: 


Source Server Requirements 


+ NetWare 6.5 SP8 


Target Server Requirements 


+ OES server with AFP. For instructions see, instructions in “Installing and Setting Up AFP” in the 
OES 2015 SP1: Novell AFP for Linux Administration Guide. 


+ The NSS data should be already migrated. For details see, Chapter 17, “Migrating File Systems 
to OES 2015 SP1,” on page 105 


Migration Scenarios 


AFP supports the following migration scenarios: 


¢ Migrating Servers through Server Consolidation 


+ Migrating Servers through Transfer ID 


For more information about these scenarios, see “Migration Scenarios” on page 16. 
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NOTE: AFP does not support migration across different eDirectory trees. However, it can be 
achieved by using the Different Tree scenario to migrate the file system, then reconfiguring AFP on 
the target server: 


For details, see “Migrating Data to a Server in a Different Tree” on page 120 and “Installing and 
Setting Up AFP” in the OES 2015 SP1: Novell AFP for Linux Administration Guide 


Migration Procedure 


Migrating the AFP configuration is done by using the Migration Tool or through the command line 
interface. 


NOTE: Before migration, manually edit afptcpd.conf file and set the number of threads within the 
valid range. For more information, see “Modifying Thread Range” on page 156. 


+ “Modifying Thread Range” on page 156 
+ “Using the Migration Tool to Migrate” on page 156 
+ “Using Command Line Utilities to Migrate” on page 156 


Modifying Thread Range 

Beginning with OES 2015, the valid thread range is changed to as follows: 
Minimum threads: 3 to 32, default value: 3 

Maximum threads: 4 to 512, default value: 32 


Before migration, manually edit afptcpd.conf file and set the number of threads within the valid 
range and proceed with the migration procedure. If it is not changed and the minimum or maximum 
threads is out of the range, then AFP server will use default number of threads. 


Using the Migration Tool to Migrate 


1 Click Computer > More Applications > System > Novell Migration Tools to access the Migration 
Tool Utility. 

2 Authenticate to the source and target servers. 

3 Select Novell AFP, then click Configure. The AFP configuration window is displayed. 


4 Click Migrate to begin the migration process. 


Using Command Line Utilities to Migrate 


To run the AFP migration utility through the command line, run migafp with the following parameters: 
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Table 19-1 migafp Command Line Parameters 


Parameter Description 

-h Prints a summary of the migration process 

-S IP address of the source server 

-u DN of the source tree admin. For example : cn=user, o=company) 
-W Admin password to authenticate to the source server 

For example: 


migafp -s 10.10.10.1 -u cn=sourceadmin.o=novell -w password 


Verifying the Migration Process 


1 Ensure that all the context details from sys :/etc/ctxs .cfg (NetWare context file) are migrated 
to /etc/opt/novel1/afptcpd/afpdircxt.conf (OES 2015 or later server context file). 


2 Verify by running the command rcnovell-afptcpd start. 


Cross-Platform Issues 


AFP on Linux uses Universal Password as the authentication mechanism instead of the Simple 
Password authentication mechanism on NetWare. During migration from NetWare to Linux, the 
simple passwords on the NetWare system are synchronized to the Universal Password, so that the 
user can authenticate seamlessly to the AFP service on the Linux server. 


This feature is restricted based on the following conditions: 


+ To synchronize the password of a first-time login user, authentication must happen using Diffie 
Hellman Exchange-2, Diffie Hellman Exchange, or Clear-text authentication method. To set the 
type of authentication, ensure that the authentication method (AUTH_UAM) option in /etc/opt/ 
novell/afptcpd/afptcpd.conf file is set to DHX2, DHX, cleartext. 


The automatic password synchronization will not occur if the user authenticates by using the 
Random Exchange or Two-way Random Exchange method of authentication. 


¢ If you use the Diffie Hellman Exchange-2, Diffie Hellman Exchange, or Clear-text authentication 
method, the eDirectory service (ndsd) must be started with the environment variable 
NDSD_TRY_NDSLOGIN_FIRST set to TRUE. 


If the above conditions are not met, all the users with Simple Passwords are required to manually 
authenticate to the AFP server on NetWare after they are enabled for Universal Password, in order to 
trigger the password synchronization to Universal Password. 
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Migrating AFP to OES 2015 SP1 


This section describes how to migrate AFP from an OES source server to OES 2015 SP1 target 
server. 


Before you proceed with the migration, review “Prerequisites” on page 158. 


¢ “What is Migrated” on page 158 

+ “Prerequisites” on page 158 

+ “Modifying Thread Range” on page 158 
+ “Migration Procedure” on page 158 


¢ “Verifying Migration” on page 159 


What is Migrated 


+ Server configuration information 
+ Volume Aliases information 


+ Contexts 


Prerequisites 


+ OES server is already installed and AFP is configured. For details, see OES 2015 SP1: Novell 
AFP for Linux Administration Guide. 


+ NSS Pools and volumes are already migrated to the new OES 2015 SP1 server from supported 
OES server. Use the cluster migrate resource_name node_name command to migrate the 
cluster pools and volumes. For details, see “Using the Cluster Migrate Command” in the OES 
2015 SP1: Novell Cluster Services for Linux Administration Guide. 


+ 


Non-cluster NSS volumes are already migrated to the new OES 2015 SP1 server from 
supported OES server. This can be done by unmounting the corresponding file system from the 
source machine and mounting it on the target machine. 


+ 


Before migration, manually edit afptcpd.conf file and set the number of threads within the valid 
range. For more information, see “Modifying Thread Range” on page 158. 


Modifying Thread Range 


Beginning with OES 2015, the valid thread range is changed to as follows: 
Minimum threads: 3 to 32, default value: 3 
Maximum threads: 4 to 512, default value: 32 


Before migration, manually edit afptcpd.conf file and set the number of threads within the valid 
range and proceed with the migration procedure. If it is not changed and the minimum or maximum 
threads is out of the range, then AFP server will use default number of threads. 


Migration Procedure 


1 Migrating Server Configuration information: 
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Manual: Edit the /etc/opt/novell/afptcpd/afptcpd.conf in the source server and add 
support for DHX2 authentication and subtree search in the AUTH_UAM tag. After modifying the 
afptcpd.conf file, copy it from the source server to the target. 


iManager: Using the iManager plug-in, enable support for DHX2 authentication and subtree 
search. For details, see “Administering the AFP Server'in the OES 2015 SP1: Novell AFP for 
Linux Administration Guide. 


2 Migrating Volume Alias information: 


Copy the volume file /etc/opt/novell/afptcpd/afpvols.conf, from the source server to the 
target server. 


3 Migrating Context information: 


Copy the context file /etc/opt/novell/afptcpd/afpdircxt.conf from the source server to 
the target server. 


4 Restart the AFP service for the configuration changes to take effect. 


5 On successful migration, proceed to perform service specific proxy migration. For more 
information, see Chapter 32, “Migrating Proxy users to OES 2015 SP1,” on page 257. 


Verifying Migration 
Verify that the migration process is complete by checking for the following details: 


+ NMAS methods for AFP are installed and synched to the tree. For details, see “Verifying LSM 
Installation” in the OES 2015 SP1: Novell AFP for Linux Administration Guide. 


+ Login to the AFP server and attempt accessing the data. 
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0 Migrating CIFS to OES 2015 SP1 


Migration refers to the process of migrating CIFS to target server. 


¢ “Migrating CIFS from Netware to OES 2015 SP1” on page 161 
¢ “Migrating CIFS to OES 2015 SP1” on page 170 


Migrating CIFS from Netware to OES 2015 SP1 


The NetWare to Open Enterprises Server (OES) CIFS migration process can be either initiated from 
the Migration Tool or through a command line utility. For detailed information on migration through the 
Migration Tool, see Chapter 1, “Overview of the Migration Tools,” on page 15 and for information on 
the command line utility, see “Man Page for Migration” on page 167. 

e “Migration Prerequisites” on page 161 

e “Migration Scenarios” on page 161 

¢ “Migration Procedure” on page 162 

¢ “Post-Migration Procedure” on page 166 

¢ “Verifying the Migration” on page 166 

+ “Man Page for Migration” on page 167 


Migration Prerequisites 


For the migration to happen successfully ensure the following requirements are met: 
+ The CIFS server is installed and configured on the source server in one of the following 
platforms: 
+ NetWare 6.5 SP8 
For details about CIFS on a NetWare server, see the NW 6.5 SP8: AFP, CIFS, and NFS (NFAP) 
Administration Guide. 


+ The CIFS server is installed and configured on the target server (OES 2015 SP1). For details, 
see “Installing and Setting Up CIFS” in the OES 2015 SP1: Novell CIFS for Linux Administration 
Guide. 


+ NSS file system migration from the source to the target server is completed. 


Migration Scenarios 


The CIFS migration scenarios are explained in this section: 


+ “Migrate - Same Tree” on page 162 
¢ “Migrate - Different Tree” on page 162 
+ “Transfer ID - Same Tree” on page 162 


+ “What is Migrated” on page 162 
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Migrate - Same Tree 


Only CIFS shares and contexts of the source servers are consolidated. The remaining server 
configuration information is not consolidated. The target server configuration is overwritten with the 
source server configuration. For details on consolidation migration, see “Migration Scenarios” on 
page 16. 


Migrate - Different Tree 


CIFS consolidation for a Different Tree is not supported. However, it can be achieved by using the 
following procedure: 


1 Migrate the file system by using the Different Tree scenario. For details, see “Migrating Data toa 
Server in a Different Tree” on page 120. 


2 Re-configure CIFS on the target server. For details on configuring CIFS, see “Setting the CIFS 
Server and Authentication Properties” in the OES 2015 SP1: Novell CIFS for Linux 
Administration Guide. 


Transfer ID - Same Tree 
In this scenario, the target is installed into the same tree with a temporary name and IP address. At 
the end of the procedure, the source server name and IP address are swapped for the target server 


name and IP address. For details on Transfer ID migration, see Part IV, “Transfer ID Migration,” on 
page 61. 


What is Migrated 


The following table gives you a quick overview of what is migrated from NetWare CIFS to OES 2015 
SP1 CIFS for the different scenarios: 


Table 20-1 Migration Support for CIFS service 


Service supported Consolidation Transfer ID 

Same Tree Different Tree Same Tree Different Tree 
Migrating CIFS shares Yes No Yes No 
Migrating CIFS contexts Yes No Yes No 
Migrating server configuration No No Yes No 
information 


Migration Procedure 


Follow the instructions in either of these sections to perform the CIFS migration: 


+ “Using the Migration Tool” on page 163 


+ “Using the Command Line” on page 164 


Migrating CIFS to OES 2015 SP1 


Using the Migration Tool 


1 Launch the Migration Tool on the target server in one of the following ways: 
Desktop: Click Computer > More Applications > System > Novell Migration Tools. 
Terminal: Log in as the root user and at a terminal prompt, enter miggui 


For details on configuring source and target Server information, selecting a migration type, 
opening a project, and all the tool buttons, see Chapter 2, “Overview of the Migration GUI,” on 
page 21. 


2 Click Add, select Novell CIFS to migrate, and click OK. 


Add Services 
Service Name 


File System 
[Novell FTP 
Nowell NTP 

ovell CIFS 


Ok Cancel 


The Status is displayed as Not Configured. 


3 Select Novell CIFS and click Configure to configure the migration parameters. 


( CIFS Shares 


Select the Volume from Source drop down list and Browse to give its path on Target. 


soe ET 


Target \imedia/nss/¥1 Browse 
Source List Target List ] Add 

Update 

Delete 


(x) Cancel 


4 Under CIFS Shares, select the Source and Target shares for migration. Use Browse to browse 
for target shares. Use Add to add more source and target share mappings. Use Update to 
modify the configuration. Use Delete to remove the share mappings. 


When you have filled in the information, the dialog will be similar to the following: 
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CIFS Shares 


Select the Volume from Source drop down list and Browse to give its path on Target. 


Source |V¥OL1 lv 

Target | Browse 
Source List Target List | 

ark ¿media/nss/ARK 

primary /media/nss/PRIMARY 

CIFS /media/nss/ClFS 

VOL1 /media/snss/¥OL1 


(0 Help 


© cancel 


IMPORTANT: The Migration Tool does not support migration of CIFS shares on a cluster 
resource. After the file system migration, you will need to manually configure the CIFS shares on 
the target Linux system. For more information, see “Managing CIFS Shares ” in the OES 2015 
SP1: Novell CIFS for Linux Administration Guide. 


5 Click OK to complete the configuration. 
The Status is displayed as Ready. 


6 Click Migrate to start the migration process. When you are prompted to save the project, click 
Yes. 


7 Inthe next dialog box, click Yes to proceed with the migration. 


Wait for the migration to be completed. The Status changes to Migrated. The message CIFS 
Migration Successfully Completed is displayed. 


NOTE: Use the Status > Service Information to verify for errors during migration. If there are 
errors, fix them and restart the migration procedure. 


Using the Command Line 


CIFS migration requires the complete source and target server details. Run the migCifs utility on the 
target server for migrating. An example migCifs command is shown below. For details on the 
command, see Table 20-2 and see “migCifs” in “Man Page for Migration” on page 167. 


migCifs -s <sourceIPaddr> -p <sourceportnum> -a <sourceFDN> -w <passwd> -f <sec/ 
nonsecConn> -d <targetIPaddr> -q <targetportnumber> -b <targetFDN> -x <passwd> -g 
<secure/nonsecureconn> -S <MigrationType> [-m <cifssharemappings>] 


migCifs -s <sourceIPaddr> -p <sourceportnum> -a <sourceFDN> -w <passwd> -f <sec/ 
nonsecConn> -d <targetIPaddr> -q <targetportnumber> -b <targetFDN> -x <passwd> -g 
<secure/nonsecureconn> -S <MigrationType> -c 


migCifs -s <sourceIPaddr> -p <sourceportnum> -a <sourceFDN> -w <passwd> -f <sec/ 
nonsecConn> -d <targetIPaddr> -q <targetportnumber> -b <targetFDN> -x <passwd> -g 
<secure/nonsecureconn> -S <MigrationType> [-m <sourcecifsshares>] -r 
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Table 20-2 migCifs Command Details 


Command Option 
-s <sourcelPaddr> 
-p <sourceportnum> 
-a <sourceFDN> 


-w <passwd> 


-f <sec/nonsecConn> 


-d <targetlPaddr> 


-q <targetportnum> 


-b <targetFDN> 


-x <passwd> 


-g <sec/nonsecConn> 


-S <MigrationType> 


-m <mapfilename> 


Description 


Source server IP address. For example, -s 192.168.0.1. 
Port number of the source server. For example, -p 636. 
Source server FDN. For example, -a cn=admin,o=novell. 


Password for the source server FDN. For example, 
-W mysrc. 


Secure (SSL) or non-secure (Non-SSL) connection type of 
the source server. 1 for SSL and 0 for Non-SSL. SSL is 
preferred. For example, -f 1 or -f 0. 


Target server IP address. For example, -d 192.168.0.2. 


Port number of the target server. For example, 
-q 636. 


Target server FDN. For example, -b cn=admin,o=novell. 


Password for the target server FDN. For example, 
-x mytgt. 


Secure (SSL) or non-secure (Non-SSL) connection type of 
the target server. 1 for SSL and O for Non-SSL. SSL is 
preferred. For example, -g 1 or -g 0. 


Sets the Migration Type. O for Server to Server - Same Tree 
or Different Tree, 3 for Transfer ID, and 5 for Consolidation. 
For example, -S 0 or -S 3 or -S 5. 


CIFS source to the target share mapping file. This is an 
optional command. 


Create the file using any text editor. Separate individual 
sharemaps by a line. 


1. Open anew file in the text editor. 


2. Specify sourcesharename#targetsharepath. For 
example, 
share1#CIFSV1:linuxshare1 


share2#NSSvol:linuxshare2/cifsshare 
3. Specify the required number of share details and save 
the file. 


Does not migrate CIFS Shares and Server Configuration 
information from the source. Migrates only the CIFS Context 
information. 
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Command Option Description 


-r Removes the shares related to NetWare server from the 
target server after a Transfer ID migration. If -r is passed, 
migCifs considers it as repair mode and retries the server 
configuration migration. If -r is not passed, then migCifs 
considers it as migration. 


Pass the source only CIFS share file. The source shares are 
listed and each share terminated with a #. For example, / 
media/nss/CIFSV1:#. Do not pass the CIFS Password 
Policies files with this option. 


Post-Migration Procedure 


+ “Restarting the CIFS Service” on page 166 
+ “Enabling “Share volumes by default” Option” on page 166 


Restarting the CIFS Service 


1 Run the following command to restart the service: 


rcnovell-cifs restart 


Enabling “Share volumes by default” Option 
After migration of CIFS service to OES 2015 SP1, default shares will not be mounted by CIFS. 


1 View the list of all available share points using the command novcifs -sl. 


2 Check the status of "Share volumes by default" attribute using the command novcifs --list- 
servers. 


3 Enable the “Share volumes by default” attribute using the command novcifs --share-vols- 
default=<netbios name of the physical or virtual server> --value=yes. 


For example, novcifs --share-vols-default=BLR8-192.168_W --value=yes. 


Verifying the Migration 


After migration is complete, the CIFS server on the target server must be available and running as it 
used to be on your NetWare server. This verifies that the migration has been successfully completed. 


If the CIFS server is not running after migration, see “Migration” in the OES 2015 SP1: Novell CIFS 
for Linux Administration Guide. 


After a successful migration: 


+ All the CIFS shares are migrated and listed on the target server. 


+ All the CIFS contexts are migrated to the target server. 


You can verify these steps for a successful migration by using either ¡Manager or command line 
options. 


+ “Using ¡Manager to Verify the Migration” on page 167 
+ “Using CLI to Verify the Migration” on page 167 
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Using iManager to Verify the Migration 


Open iManager on the target server. 

Go to File Protocols > CIFS. 

Browse or specify the OES 2 server. 

Click OK. 

Click Start. This displays the CIFS status as Running. 


O ao fF WN e 


Click Shares. You must be able to list the sharepoints that were running on your NetWare and 
now migrated to OES 2015 SP1 server. 


For details on CIFS administration through iManager, see “Using ¡Manager to Manage CIFS”. 


Using CLI to Verify the Migration 


1 On the target server console, enter the command rcnovell-cifs status. 
2 Ifthe status is not running, enter the command rcnovell-cifs start to start the server. 
3 If the status is running, enter the command rcnovell-cifs restart to restart the server. 


4 Enter the command novcifs [-sl | --share --list] or 
novcifs [-sln sharename | --share --list --name=sharename | 


This displays the list of sharepoints that were available on NetWare and are now migrated to the 
OES 2015 SP1 server. 


For details on CIFS administration through command line utilities, see “Using the Command Line 
to Manage CIFS” in the OES 2015 SP1: Novell CIFS for Linux Administration Guide. 


Man Page for Migration 


To access this man page with the command information, enter man migCifs at the command prompt. 


+ “migCifs(8)” on page 167 


migCifs(8) 


A command line utility that communicates with the source and target servers for migrating CIFS 
configuration information from NetWare to Novell OES 2015 SP1. The command must be run ona 
target server. 


Syntax 


Migrating the CIFS Service from NetWare to OES 2015 SP1 
migCifs -s <sourceIP> -p <portnumber> -a <sourceFDN> -w <password> -f <sec/ 


nonsecConnType> -d <targetIP> -q <portnumber> -b <targetFDN> -x <password> -g <sec/ 
nonsecConnType> -S <MigType> [-m <mapfilename>]-t <source_treename> 


Synchronizing after Consolidation 
migCifs -s <sourceIP> -p <portnumber> -a <sourceFDN> -w <password> 


-f <sec/nonsecConnType> -d <targetIP> -q <portnumber> -b <targetFDN> 
-x <password> -g <sec/nonsecConnType> -S <MigType> -c 
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Repair after Transfer ID 


migCifs -s <sourceIP> -p <portnumber> -a <sourceFDN> -w <password> 
-f <sec/nonsecConnType> -d <targetIP> -q <portnumber> -b <targetFDN> 
-x <password> -g <sec/nonsecConnType> -S <MigType> [-m <sourcesharefilename>] -r 


Options 


Usage Options: 


-S <sourcelP> 


IP address of the source server. 


-p <portnumber> 


Port number of the source LDAP server. 


-a <sourceFDN> 


Fully Distinguished Name (FDN) of the source server tree administrator. 


-w <password> 


Password of the source server tree administrator. 


-f <sec/nonsecConnType> 
Enables or disables SSL connection for the source LDAP server. Set 1 for SSL and O for non- 
SSL connection. 

-d <targetIP> 


IP address of the target server. 


-q <portnumber> 
Port number of the target LDAP server. 


-b <targetFDN> 


Fully Distinguished Name (FDN) of the target server tree administrator. 


-x <password> 
Password of the target server tree administrator. 


-g <sec/nonsecConnType> 
Enables or disables SSL connection for the target LDAP server. Set 1 for SSL and 0 for non-SSL 
connection. 

-S <MigType> 


Sets the Migration Type. O for Server to Server - Same Tree or Different Tree, 3 for Transfer ID, 
and 5 for Consolidation. For example, -S 0 or -S 3 or -S 5. 


-m <mapfilename> 
Full path of the file that contains source and target server share mappings. 


-t <source_treename> 


Tree name of the source. 
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-C 


Does not migrate CIFS Shares and Server Configuration information from the source. Migrates 


only the CIFS Context information. 
-f 


Removes the shares related to NetWare server from the target server after a Transfer ID 


migration. If -r is passed, migCifs considers it as repair mode and retries the server configuration 


migration. If -r is not passed, then migCifs considers it as migration. 


Help Options 
-h | --help 
Displays the help information of the command and syntax. 
-u | --usage 
Displays the usage information of the command. 
Files 


/etc/opt/novell/cifs/cifs.conf 
CIFS configuration file. 


/etc/opt/novell/cifs/cifsctxs.conf 
CIFS context file. 


/etc/opt/novell/cifs/.cifspwdfile 
Encrypted CIFS proxy user file. 


/var/opt/novell/log/cifs.log 
CIFS server log file. 


/var/opt/novell/migration/Newproj[n]/log/cifs.log 
CIFS migration log file. 


Example 


migCifs -s 192.168.0.1 -p 636 -a cn=admin,o=novell -w novell -f 1 -d 192.168.0.2 -q 636 -b 
cn=admin,o=novell -x novell -g 1 -S O -m /cifsShares.tmp -t novelltree 


Authors 


Copyright 2005-2013, Novell, Inc. All rights reserved. http://www.novell.com 


See Also 


novcifs(8) 


Report Bugs 


To report problems with this software or its documentation, visit http://bugzilla.novell.com. 
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Migrating CIFS to OES 2015 SP1 


This section describes how to migrate CIFS from an OES server to OES 2015 SP1. 


Before you proceed with the migration, review “Prerequisites” on page 170. In this section, the source 
server refers to supported OES versions and the target server refers to an OES 2015 SP1 server. 


+ 


+ 


+ 


+ 


+ 


“What is Migrated” on page 170 

“Prerequisites” on page 170 

“Migration Procedure” on page 170 

“Post Transfer ID Migration Procedure” on page 171 


“Verifying Migration” on page 172 


What is Migrated 


+ 


+ 


+ 


Server configuration information 
Shares 


Contexts 


Prerequisites 


+ 


OES server is already installed and CIFS is configured. For details, see OES 2015 SP1: Novell 
CIFS for Linux Administration Guide. 


NSS Pools and volumes are already migrated to the new OES 2015 SP1 server from a 
supported source OES server. Use the cluster migrate resource_name node_name command to 
migrate the cluster pools and volumes. For details, see “Using the Cluster Migrate Command” in 
the OES 2015 SP1: Novell Cluster Services for Linux Administration Guide. 


Non-cluster NSS volumes are already migrated to the new OES 2015 SP1 server from a 
supported OES server. This can be done by unmounting the corresponding file system from the 
source machine and mounting it on the target machine. 


Migration Procedure 


1 Migrating Server Configuration information: 


2 


In case of ID Swap, on the target server using ¡Manager replicate the following server properties: 
+ Name 
+ Comment 
+ Domain/Workgroup 
+ Support for Oplocks 
+ Support for DFS 
Migrating Share information: 


During the migration process, all shares except the shares that have been manually added are 
migrated. To replicate the shares that are manually added, use the CIFS ¡Manager plug-in. For 
details, see“Managing CIFS Shares ” in the OES 2015 SP1: Novell CIFS for Linux Administration 
Guide. 


3 Migrating Context information: 
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Manual: Copy the context file /etc/opt/novell/cifs/cifsctxs.conf from the source server 
to the target server. 


iManager: Using CIFS iManager plug-in, replicate the CIFS user's context. For details, see 
“Configuring a CIFS User Context’in the OES 2015 SP1: Novell CIFS for Linux Administration 
Guide. 


NOTE: After completing the migrate, ensure that you reconfigure CIFS service using yast2 
novell-cifs or use the iManager Add Context task to add the contexts to the cifsctxs.conf file, 
before you enable subtree search feature. 

4 Copying CIFS configuration file: 


Copy the CIFS configuration file /etc/opt/novell/cifs/cifs.conf from the source to the 
target server. 


CIFS configuration settings are stored in eDirectory and configuration files. During Transfer ID 
migration, the settings in eDirectory are migrated automatically, whereas the settings stored in 
the configuration files are not. To migrate them manually, copy the cifs.conf file to the target 
server. 


5 Restart the CIFS server using the rcnovell-cifs restart command. 


6 Proceed to perform proxy migration. For services using the common proxy, see “Services that 
are Using Common Proxy” on page 258. For services using the service specific proxy, see 
“Services that are Using Service Specific Proxy” on page 259. 


Post Transfer ID Migration Procedure 


+ “OES 2 SP3 or OES 11 to OES 2015 SP1” on page 171 


OES 2 SP3 or OES 11 to OES 2015 SP1 


After performing the migration steps in “Transfer ID Migration Procedure” on page 257, perform the 
following tasks: 


+ “Restarting the CIFS service” on page 171 

+ “Re-enabling Pass-through Information Levels Capability” on page 172 

+ “Enabling “Share volumes by default” Option” on page 172 
Restarting the CIFS service 


1 Run the following command to restart the service: 


rcnovell-cifs restart 
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Re-enabling Pass-through Information Levels Capability 


1 If you have enabled pass-through information levels capability on the target server, copying the 
cifs.conf file might overwrite the settings. Re-enable it on the target server after the migration 
is complete by running the novcifs -info-level-passthru=yes command. 


Enabling “Share volumes by default” Option 
After migration of CIFS service to OES 2015 SP1, default shares will not be mounted by CIFS. 


1 View the list of all available share points using the command novcifs -sl. 


2 Check the status of "Share volumes by default" attribute using the command novcifs --list- 
servers. 


3 Enable the “Share volumes by default” attribute using the command novcifs --share-vols- 
default=<netbios name of the physical or virtual server> --value=yes. 


For example, novcifs --share-vols-default=BLR8-192.168_W --value=yes. 


Verifying Migration 
After you have migrated the Novell CIFS services to the OES 2015 SP1 target, verify that the 


migration process is complete by checking for the following details: 


¢ Verify that the NMAS methods for CIFS are installed and synchronized to the tree. For details, 
see “Verifying LSM Installation” in the OES 2015 SP1: Novell CIFS for Linux Administration 
Guide. 


+ Log in to the CIFS server and attempt to access the data. 
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Migrating DHCP to OES 2015 SP1 


Migration refers to the process of migrating the Novell DHCP Services running on NetWare or Open 
Enterprise Server (OES) to OES 2015 SP1. 


For general information about the Migration Tool, see the Chapter 1, “Overview of the Migration 
Tools,” on page 15. 

+ “Migrating DHCP from Netware to OES 2015 SP1” on page 173 

¢ “Migrating DHCP to OES 2015 SP1” on page 183 


Migrating DHCP from Netware to OES 2015 SP1 


In these sections, the NetWare server is referred to as the source server and the OES 2015 SP1 
server as the target server. 

¢ “Migration Requirements” on page 173 

¢ “Migrating DHCP” on page 174 

e “Migration Scenarios” on page 181 

¢ “Migrating a Cluster” on page 182 

+ “Post-Migration Procedures” on page 182 


¢ “Verifying the Migration” on page 183 


Migration Requirements 


Make sure your setup addresses the following requirements before you migrate DHCP to the new 
platform. 


O An eDirectory integrated DHCP server installed and configured on the target machine. This 
takes care of the schema extension on the target server tree and creation of the dhcpLocator 
and DHCPGroup objects. 


O The user running DHCP Migration requires read and write permissions on the target machine for 
the following folders: 


/opt/novell/migration/dhcpmigration/tmp 
/opt/novell/migration/dhcpmigration/dhcp 
Recommended: Run DHCP Migration as the root user. 


O The target and source servers should have their time synchronized, or the leases might not 
function properly. 


O Use the following source NetWare platforms for the migration process: 
+ NetWare 6.5 SP8 
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Migrating DHCP 
To migrate the DHCP Services, you can use the Migration Tool or the command line interface. 


+ “Understanding the Migration Process” on page 174 
+ “Using the Migration Tool to Migrate Servers” on page 175 
+ “Using the Command Line to Migrate Servers” on page 180 


Understanding the Migration Process 


Make sure that you install the OES 2015 SP1 server as the target server for the DHCP Services. For 
more information on installing Novell DHCP Services, refer to “Installing and Configuring DHCP ” in 
the OES 2015 SP1: DNS/DHCP Services for Linux Administration Guide. 


During migration, the NetWare DHCP configuration objects are read and mapped to the 
corresponding configuration objects on Linux DHCP. This helps in retaining the same functionality 
after the migration process. 


O Subnets: All the subnets associated with the NetWare DHCP server are migrated to the new 
platform. If there is at least one address range associated with the NetWare DHCP server inside 
the subnet, the subnet is migrated with all the associated address ranges. The subnet object is 
created inside the dhcpService object on Linux. After migration, the subnet is identified by its IP 
address. 


O DHCP Server: You can specify the name of the DHCP server in the Server Name field under the 
Target Options tab. 


O DHCP Service: During a server-level or tree-level migration, a dhcpService object is created on 
the target server corresponding to each source NetWare DHCP server. This is the container 
object that contains all the DHCP configuration data associated with DHCP server. The 
dhcpService object is created inside the context specified in the Service Context field during 
migration. The dhcpService object name can be specified in the Service Name field under Target 
Options tab. 


For a subnet-level Migration, the subnets are created inside an existing dhcpService object on 
target server. Specify the existing dhcpService object in the Service Context field. 


(O Address Range: After the migration process, all the address range objects are mapped to pool 
objects on Linux. 


O Zone: After the migration, all the zone objects retain the same name as they had on the 
NetWare platform. Zone objects are also created inside the dhcpService object. 


O Subnet Pool: On the Linux platform, subnet pools on NetWare are mapped to the Shared 
Network objects. 


O IP Address (manual): All manually defined IP addresses are migrated as hosts inside the 
subnet object. The hosts are identified by their IP addresses. For example, if the address of an 
IP address object on NetWare is 1.1.1.1, on Linux it is identified as 1 1 1 1. 


O IP Address (dynamic): Information on all the dynamically leased IP addresses is maintained at 
the /var/lib/dhcp/db location. This lease file contains details for every IP address leased. 


Comments: Any comments that exist on the NetWare platform are not migrated to the Linux 
platform. 


O Excluded Hardware Addresses: Excluded hardware addresses on NetWare after migration 
are mapped to class-excluded_hosts on Linux. 
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O Included Hardware Addresses: Included hardware addresses on NetWare after migration are 


mapped to class-included_hosts on Linux. 


NOTE: If the name of any object contains a space, the space is replace by an underscore “_” during 


migration. 


Using the Migration Tool to Migrate Servers 


1 Open the Migration Tool GUI using the “Launch the Migration Tool Utility” on page 47. 
2 Follow the Migration Process to start the process. 
3 Click Add in the Services to Migrate panel, then select the Novell DHCP Service. 


Add Services 
Service Name 


File System 
Novell FTP 

Novell NTP 
Novell iPrint 


Novell DHCP Service 


| Ok | | Cancel 


4 Click OK, then click Configure. The DHCP configuration window displays. 
5 DHCP provides migration at the following three levels: 

+ “Server Level” on page 177 

+ “Subnet Level” on page 179 

+ “Tree Level” on page 180 


Configuring DHCP Options 


The DHCP configuration window consists of three tabs: 
¢ Source Options 
+ Target Options 
+ Reverse Zone Selection 
Source Options 
This tab lets you choose the level of migration that you want to use. 


+ Server Level 
+ Subnet Level 
+ Tree Level 
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Target Options 


This tab lets you choose the DHCP options for each level of migration. The following table lists the 
fields in the target options tab: 


Table 21-1 DHCP Configuration fields 


Field Description 

Server Context Context of the target DHCP server object. 

Server Name Name of the target DHCP server object. 

Service Context Context of the target DHCP service object. 

Service Name Name of the target DHCP service object. 

Locator Object Distinguished name of the dhcpLocator object in the target tree. 

Group Object Distinguished name of the DHCPGroup object in the target tree. 

Lease file location Lease file name with absolute file path where the NetWare DHCP dynamic leases 


are migrated. 


Reverse Zone Selection 


Reverse zones are used for reverse lookups. It finds the DNS name associated with the IP address. 
Use this tab to select the available reverse zones on the source to be migrated to the target. 


NOTE: The forward zones associated with a subnet in a DDNS setup are automatically migrated. The 
forward zones are not required to be selected exclusively in this scenario. 


The following table lists the fields in the DHCP configuration window: 


Table 21-2 DHCP Configuration fields 


Field Description 

Server DN The distinguished name of the DHCP server to be migrated. 

Subnet DN The distinguished name of the subnet to be migrated. 

Base DN The distinguished name of the container on the target tree where the configuration is 


to be migrated. 


NOTE: For tree-level and server-level migration, Base DN is a container such as 
Organization, Organization Unit, or Domain. 


For subnet-level migration, Base DN is a DHCP Service object only. When you 
browse for the Base DN, it appropriately displays all the available service objects. 


Locator DN The distinguished name of the dhcpLocator object in the target tree. 
NOTE: Not applicable for a subnet-level migration. 
Group DN The distinguished name of the DHCPGroup object in the Target tree. 


NOTE: Not applicable for a subnet-level migration. 
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Field Description 


Lease file The path and filename for the leases to be migrated. All the dynamic IP addresses 
on NetWare are mapped to a lease file entry in this file. 


NOTE: Not applicable for tree-level and server-level migration. 


Migration Methods 


You can choose to migrate DHCP services by any one of the following three methods: 


+ Server Level 
+ Subnet Level 


+ Tree Level 


Server Level 


In the Server Level migration, the selected NetWare DHCP server is migrated to the OES 2015 SP1 
server. You can choose to migrate only one server at a time. 


NOTE: Refer to Table 21-2 on page 176 for DHCP configuration field descriptions. 


1 In the Source Options tab of DHCP migration window, select the Server level option. 


DHCP Migration 


Source Options | Target Options | 


Reverse zone selection 


Select the level for Migration 


@ Server level 


Server DN: Cn=DHCP_server o=novel 


© Subnet level 


Subnet DN(s): 


© Tree level 


2 Click Browse to select the Server DN. 


@ Cancel | 


Server DN: The Server DN is the distinguished name of the server to be migrated. You can 
browse to the Source tree (only containers and server objects are displayed) to locate the server 
to be migrated. Select the server object and click OK. If the selected object is not a DHCP server, 


then a warning is displayed. 


3 In the Target Options tab, click Browse to select the Server Context. 
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DHCP Migration 


{ Source Options | Target Options | Reverse zone selection 


Specify the DHCP Options 


You can browse or specify the service or server name 


Server Context: 


Server Name: cn=DHCP_server 


Service Context: 


Service Name: cn=Service 


Locator Object: cn=dhcpLocator,o=novell 


Group Object: cn=DHCPGroup,o=novell 


Lease file location: fvarflibfdhcp/db/dhcpd.leases 


Note: For Target on cluster path edit Lease File Location 


© Help @ Cancel 


4 Click Browse to select the existing Server Name or add the new server name that you want to 
migrate. For more information on adding a new server, refer to “Server Management” in the OES 
2015 SP1: DNS/DHCP Services for Linux Administration Guide. 


5 Click Browse to select the Service Context. 


6 Click Browse to select the existing Service Name or add the new service name that you want to 
migrate. 


7 Click Browse to select the Locator Object. 
8 Click Browse to select the Group Object. 
9 Specify the Lease file location. 


10 In the Reverse Zone Selection tab, select the reverse zones in Available Reverse Zones. Click 
Add to add all the selected zones. Use the Ctrl key to select multiple zones. 
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DHCP Migration 


[ Source Options | Target Options [ Reverse zone selection 


Select the reverse zones on the source to be migrated to the target 


Available Reverse Zones Zones selected for migration 


en=118_1_198_IN-ADD 


Add >> 


<< Remove 


I 
C] Select All O Select All 


@ Cancel 


11 Click OK to complete the configuration. 


Subnet Level 


In the Subnet Level migration, the selected subnets associated with the NetWare DHCP server are 
migrated to the OES 2015 SP1 server. The subnet objects are created inside the dhcpService object 
on the Linux server. After migration, the subnet is identified by its IP address. You can choose to 
migrate multiple subnets at a time. 


NOTE: Refer to Table 21-2 on page 176 for DHCP configuration field descriptions. 


1 In the Source Options tab of the DHCP migration window, select the Subnet Level option. 
2 Click Browse to select the Subnet DN(s). Use the Ctrl key to select multiple subnets. 
Subnet DN(s): The Subnet DN is the distinguished name of the subnets to be migrated. 


You can browse to select one or more subnets. The selected subnets are displayed in the list 
box. If an incorrect container is selected, then a warning is displayed. 


3 In the Target Options tab, click Browse to select the Service Context. 
4 Click Browse to select the existing Service Name that you want to migrate. 


The Server Context, Server Name, Locator Object, and Group Object options are not applicable 
for subnet level migration. 


5 Specify the Lease file location. 


6 In the Reverse Zone Selection tab, select the reverse zones in Available Reverse Zones. Click 
Add to add all the selected zones. Use the Ctrl key to select multiple zones. 


7 Click OK to complete the configuration. 
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Tree Level 


In the Tree Level migration, all the NetWare DHCP servers in the tree are migrated to the OES 2015 
SP1 server. 


NOTE: Refer to Table 21-2 on page 176 for DHCP configuration field descriptions. 


1 Inthe Source Options tab of the DHCP migration window, select the Tree Level option. 
2 Inthe Target Options tab, click Browse to select the Server Context. 


Click Browse to select the Service Context. 


ow 


The Server Name and Service Name options are displayed by default, but they are disabled. 
Click Browse to select the Locator Object. 
Click Browse to select the Group Object. 


Specify the Lease file location. 


N © of f 


Click OK to complete the configuration. 


Using the Command Line to Migrate Servers 


1 Torun the DHCP migration utility through the command line, run /opt/novell/migration/bin/ 
migdhcp with the following parameters: 
Option Description 
-h Print this summary. 
-k Level of migration (subnet|tree|server). 


-i Verbose mode - on or off. 


-d Debug mode - on or off. 

-S IP address of the source LDAP server. 

-p Port number of the source LDAP server. 

-a DN of the admin user in the source tree. 

-t IP address of the target LDAP server. 

-q Port number for the target LDAP server. 

-b DN of the admin user in the destination tree. 


-l DN of the dhcpLocator object in the destination tree (Required only for server-level or tree-level 


migration). 

-g DN of the DHCPGroup object in the destination tree (Required only for server-level or tree-level 
migration). 

-e DN of the server to be migrated (Required only for server-level migration). 

-n Base DN for server on the destination tree. 

-m Base DN for service on the destination tree. 

-r 1 for source SSL bind, O for source non-SSL bind. 

-u 1 for destination SSL bind, O for destination non-SSL bind. 
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Option Description 


-f Absolute path of the file containing the DNs of the subnets that you want to migrate. (Required 
only for subnet-level migration). Enter the subnet DNs in the following format: 


cn=subnet1,o=novell 
cn=subnet2,ou=novel1,o=novell 


cn=subnet3,ou=novell2,o=novell 


-C Absolute path of the file where you want to store the lease file information 

-E DHCP server object name on the Target server (Required only for server-level migration). 
-S DHCP service object name on Target server (Required only for server-level migration). 

-Z Full path of the file containing the Reverse Zone DNs. 


Examples for Command Line Migration 


Tree Level: /opt/novell/migration/bin/migdhcp.sh -k tree -i on -d on -s 
192.168.13.1 -p 636 -a cn=admin,o=novell -t 182.155.13.8 -q 636 -b 
cn=admin, o=novell -1 cn=dhcpLocator,o=novell -g cn=DHCPGroup, o=novell -n 
o=novell -r 1 -u 1 


Server Level: /opt/novell/migration/bin/migdhcp.sh -k server -i on -d on -s 
192.168.13.1 -p 636 -a cn=admin,o=novell -t 182.155.13.8 -q 636 -b 
cn=admin, o=novell -1 cn=dhcpLocator,o=novell -g cn=DHCPGroup, o=novell -e 
cn=DHCP_SERVER, o=novell -n o=novell -r 1 -u 1 


Subnet Level: /opt/novell/migration/bin/migdhcp.sh -k subnet -i on -d on -s 
192.168.13.1 -p 636 -a cn=admin, o=novell -t 182.155.13.8 -q 636 -b 
cn=admin, o=novell -n cn=DHCPService,o=novell -r 1 -u 1 -f /somelocation/ 
filewithsubnetdns -c /somelocation/filename 


Migration Scenarios 


DHCP migration supports two scenarios: 


+ “Transfer ID” on page 181 


+ “Consolidation” on page 182 


For more information about these scenarios, see “Support Matrix for NetWare and OES Services” on 
page 18. 


Transfer ID 


In this scenario, the identity of the target server is swapped with the source server. The IP address 
and the machine name of the target server change to the source IP address and machine name. The 
target should be installed in the same tree as the source server. The target should be a non-replica 
server. 


Based on the level of migration (Subnet, server, or tree), the configuration objects are created for the 
Linux DHCP server on the target tree inside the dhcpService object created during migration. 
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Consolidation 


In this scenario, the configuration data associated with the source server is associated to a single 
target server. DHCP Consolidation migration can be performed at the tree, server, or subnet-level. 


Migrating a Cluster 


There are two scenarios for migrating clusters: 


+ “NetWare and Linux Clusters Attached to the Same Tree” on page 182 
+ “NetWare and Linux Clusters Attached to Different Trees” on page 182 


NetWare and Linux Clusters Attached to the Same Tree 


Run the migration tool from one of the Linux nodes. Perform the tree-level migration with the source 
and target servers on the same tree. 


This ensures that all NetWare DHCP configuration data is available for Linux DHCP. 


In this scenario, both the NetWare server and the OES 2015 SP1 server are on the same eDirectory 
tree. The NetWare source server must be running NetWare 6.5 SP8. The Linux target server must be 
running SUSE Linux Enterprise Server (SLES) 11 SP4 with OES 2015 SP1 on 64-bit hardware. 


NetWare and Linux Clusters Attached to Different Trees 


Run the migration tool from one of the Linux nodes. Perform the tree-level migration with the source 
server (the tree to which NetWare clustered nodes are attached) on one tree and the target server 
(the tree to which the Linux clustered nodes are attached) on another tree. 


This ensures that all NetWare DHCP configuration data is available for Linux DHCP. 


In this scenario, the NetWare server and the OES 2015 SP1 server are on different eDirectory trees. 
The NetWare source server must be running NetWare 6.5 SP8. The Linux target server must be 
running SUSE Linux Enterprise Server (SLES) 11 SP4 with OES 2015 SP1 on 64-bit hardware. 


Post-Migration Procedures 


1 Inthe /etc/dhcpd.conf file, change 1dap-base-dn to reflect the context of the migrated DHCP 
Server and change ldap-dhcp-server-cn to reflect the name of the migrated DHCP Server. 


2 Check the lease file at the /var/1ib/dhcp/db/dhcpd. leases folder. 


3 To use DDNS after a subnet-level migration, add the following settings to the DHCP Server 
Object: 


+ ddns-rev-domainname in-addr.arpa 
+ ddns-update-style interim 

¢ client-updates deny 

+ update-optimization false 


NOTE: DDNS updates are required only when you migrate to an existing DHCP server. 
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4 Start the OES DHCP server by using the rcnovell-dhcpd start command. 


5 Continue with “Cluster Migration from NetWare to Linux” on page 183 and “Running a 
Preexisting DHCP Server” on page 183 as necessary. 


Cluster Migration from NetWare to Linux 


On the node where you ran the migration: 


1 Open the <mountpath>/etc/dhcpd.conf file. 


The <mountpath> parameter indicates the target directory in the shared volume where DHCP- 
specific directories are created. 


Inside the /etc/dhcpd.conf file, which is located in the shared volume, change the Idap-dhcp- 
server-cn attribute to the migrated server cn. 


2 Copy the migrated_server . leases file from the /var/lib.dhcp/bd folder to the <mountpath> varl 
lib/dhep/db/ folder and rename it to dhcpd. leases. 


Running a Preexisting DHCP Server 


After migration, the DHCP server and service objects are created in the tree. You canruna 
preexisting DHCP server along with the migrated NetWare server's configuration. 


1 Log in to the tree by using Java Management Console. 
2 Click the DHCP (OES Linux) tab. 


3 Select the service object that was created after migrating the NetWare server from the left pane 
in the Java Management console. 


4 Associate this service object with the existing DHCP server. 


Verifying the Migration 


To verify the migration, use Java Console to go to the destination tree and locate the DHCP Server 
object and the corresponding DHCP Service object. All the DHCP server configuration is stored 
inside the corresponding DHCP Service object. 


Verify that leases are present: 


O For a tree-level, server-level, or subnet-level migration, the lease filename and location are 
provided by the user. Make sure the expected files are present in the specified location. 
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In this section, the source server refers to a supported OES server and the target server refers to an 
OES 2015 SP1 server. 

+ “Planning Your Migration” on page 184 

¢ “Migration Scenarios” on page 184 

¢ “Post-Migration Procedure” on page 186 


¢ “Verifying the Migration” on page 186 
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Planning Your Migration 


Make sure your setup addresses the following requirements before you migrate DHCP to the new 
platform. 


+ “Requirements” on page 184 


Requirements 


+ An eDirectory integrated DHCP server installed and configured on the target machine. This 
takes care of the schema extension on the target server tree and creation of the dhcpLocator 
and DHCPGroup objects. 


+ Ifthe target server is in different subnet, ensure that you create a subnet in the target server 
before migration. 


Migration Scenarios 


To migrate DHCP to the new platform, you can use the Java Management Console. During migration, 
the configuration details as well as the data are migrated to the destination platform. 


NOTE: To enable DHCP to autostart after a successful migration, execute the chkconfig -a dhcpd 
command on the source server. 


¢ “Migrating Servers Within the Same eDirectory Tree” on page 184 
+ “Migrating Servers Across eDirectory Trees” on page 184 


Migrating Servers Within the Same eDirectory Tree 


1 Launch Java Console. 
2 Select the service container object that you want to migrate to the target DHCP server. 


3 From the Default DHCP Server list in the General Tab, select the DHCP server object of the 
target machine. 


4 Click the Save button. 


5 Migrate the DHCP leases from OES 2 SPx to OES 2015 SP1. To migrate the DHCP leases, 
copy the /var/lib/dhcp/db/dhcpd. leases file from the source OES 2 server to the 
corresponding location in the OES 2015 SP1 server. 


6 Perform Transfer ID. For more information, see Part IV, “Transfer ID Migration,” on page 61. 


7 On successful migration, proceed to perform service specific proxy migration. For more 
information, see “Migrating Proxy users to OES 2015 SP1” on page 257. 


Migrating Servers Across eDirectory Trees 


To migrate servers across eDirectory trees, you need to export the source server’s DHCP 
configuration and import the DHCP configuration to the target server. 


The import and export operation is used to transfer the DHCP service configuration from files into 
eDirectory or from eDirectory to a text file in a dhcpd. conf format respectively. Only Linux DHCP 
configuration files should be used to import or export the DHCP configuration. 
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NOTE: Before importing a DHCP configuration file, check the syntax of the file with the rcnovell- 
dhcpd check-syntax command. The command reads /etc/dhcpd.conf and checks the syntax. 


¢ “Exporting the DHCP Configuration” on page 185 
+ “Importing the DHCP Configuration” on page 185 
+ “Migrating DHCP Leases from OES SP3 or OES 11 to OES 2015 SP1” on page 185 


Exporting the DHCP Configuration 


The file is exported in a dhcpd.conf format. These files can be imported anywhere and can also be 
imported back to eDirectory by using the DNS/DHCP Java-based Management Console Utility. 


1 Click the DHCP (OES Linux) tab of the Java Management Console. 


2 Click +] Export DHCP Database on the toolbar to open the Export - DHCP window. 


3 Specify the name of a destination file or browse to select a filename from the dialog box, then 
click Next. 


4 Select the services by using the Export DHCP - Service List window. 
5 Click Export to store your information in a file. 
6 Click Finish to complete the export. 


If the export program encounters any error, the Details button is enabled in the error window. 
Click Details to view the error details. 
Importing the DHCP Configuration 


The configuration file to import should be in DHCP V3 format. Importing the Linux DHCP 
configuration file overwrites the associated DHCP server's settings. 


To import the DHCP files: 
Click the DHCP (OES Linux) tab of the Java Management Console. 


Click È Import DHCP Database on the toolbar. 
Click Browse to select or specify the path for the DHCP database file. 
Click Next to open the Import - File Input window. 


Specify the service name in the Service Name text box. 
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In the Select NDS Context text box, browse to select or enter specify the context where the 
service is to be created. 


7 (Optional) Select a Default DHCP Server from the drop-down list. 
8 Click Import. 
9 Click Finish to complete the import operation. 


If the import program encounters any error, the Details button is enabled in the error window. Click 
Details to view the error details. 


Migrating DHCP Leases from OES SP3 or OES 11 to OES 2015 SP1 


To migrate the DHCP leases from a supported OES server to OES 2015 SP1, copy the /var/lib/ 
dhcp/db/dhcpd. leases file from the source OES 2 server to the corresponding location in the OES 
2015 SP1 server. 
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Post-Migration Procedure 


1 In the /etc/dhcpd.conf file, change Idap-base-dn to reflect the context of the migrated DHCP 
Server and change Idap-dhcp-server-cn to reflect the name of the migrated DHCP Server. 


Verifying the Migration 
1 Check the syntax of the dhcp configuration file with the rcnovell-dhcpd check-syntax command. 
The command reads /etc/dhcpd.conf and checks the syntax. 
2 Start the target server dhcp server using the following command: 
rcnovell-dhcpd start 


3 Verify the /var/log/dhcp-1dap-startup.log file to check the dhcp configuration of the 
migrated server. 
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2 ? Migrating DNS to OES 2015 SP1 


Migration refers to the process of migrating DNS services to OES 2015 SP1. 


+ “Migrating DNS from Netware to OES 2015 SP1” on page 187 
+ “Migrating DNS to OES 2015 SP1” on page 189 


Migrating DNS from Netware to OES 2015 SP1 


In these sections, the NetWare server is referred to as the source server and the OES 2015 SP1 
server as the target server. 


The following sections give you more information on the prerequisites and the procedure to migrate 
source servers based on different scenarios: 


+ “Planning Your Migration” on page 187 
¢ “Migration Scenarios” on page 188 

¢ “Migration Procedure” on page 188 

¢ “Post-Migration Procedure” on page 189 


Planning Your Migration 


Make sure your setup addresses the following requirements before you migrate DNS to the new 
platform. 


+ “System Requirements” on page 187 
¢ “Supported Platforms” on page 187 


System Requirements 


O An eDirectory integrated DNS server installed on the target machine. 


NOTE: In a Server ID Swap scenario, do not select Create DNS Server option at the install time. 
This avoids the creation of the DNS server for the temporary NCP server. So when migration is 
completed, the existing DNS server objects are considered. 


(O Schema extension is already done on the destination server tree and DNS-DHCP Group, and 
the RootServerlnfo and DNS-DHCP Locator objects are created. 


O The user running the migration process should have rights to update files on the target machine. 
This user should also be included in the DNS-DHCP group in eDirectory. 


Supported Platforms 
The following platforms are accepted as valid source platforms for the migration process: 


O NetWare 6.5 SP8 
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Migration Scenarios 


To migrate DNS to the new platform, you can use the Java Management Console. During migration, 
the configuration details as well as the data are migrated to the destination platform. 
¢ “Migrating Servers within the Same eDirectory Tree” on page 188 


+ “Migrating Servers across eDirectory Trees” on page 188 


Migrating Servers within the Same eDirectory Tree 


In this scenario, both the NetWare server and the OES 2015 SP1 server are on the same eDirectory 
tree. 


Migrating Servers across eDirectory Trees 


In this scenario, the Netware server and the OES 2015 SP1 server are on different eDirectory trees, 
so the migration is across the trees. 


Depending on your setup, you can choose to migrate a single server at a time or migrate all the 
servers at the same time. 


Migration Procedure 


+ “Using Java Console to Migrate Servers within the Same eDirectory Tree” on page 188 


+ “Using Java Console to Migrate Servers across eDirectory Trees” on page 188 


Using Java Console to Migrate Servers within the Same eDirectory 
Tree 


1 Launch Java Console. 


2 Identify the source NCP server and the corresponding DNS server object that should be 
migrated to target server. 
The server and the server object will no longer exist on the NetWare server after migration. Make 
sure that the DNS Service is not running on this source NCP server. 
To stop the service, see “Stopping the DNS Server” in the OES 2015 SP1: DNS/DHCP Services 
for Linux Administration Guide. 

3 Use Java Console to move the source DNS server. This task also migrates the primary zones in 
the tree. 


For information about moving the DNS server, see “Moving a DNS Server” in the OES 2015 
SP1: DNS/DHCP Services for Linux Administration Guide. 


Using Java Console to Migrate Servers across eDirectory Trees 


1 In Java Console, create the DNS server object. For details, see OES 2015 SP1: DNS/DHCP 
Services for Linux Administration Guide. 


2 On the target server, create a secondary zone and specify the zone master IP address as the IP 
address of the NetWare server where the primary zone exists. After the initial zone transfer, 
change the zone on the source NetWare server to secondary and make the zone on the target 
server to be the primary server. 
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Migrate primary zones on the target server by creating a secondary zone and specifying the 
zone master IP address as the IP address of the NetWare/OES server where the primary zone 
exists. 


3 Load the DNS servers on primary and secondary server to initiate zone transfer. 


4 After the initial zone transfer, change the zone on the source NetWare server to secondary and 
make the zone on the target server to be the primary server zone. 


5 To migrate secondary zones, create a secondary zone on the Linux server and specify it to be 
the secondary zone to the target primary zone that is on the target server. Ensure that both the 
primary and the secondary zones use the same name. This is essential for a successful zone 
transfer. 


NOTE: This method of migration is limited to migrating the zone data only. 


Post-Migration Procedure 


1 Use the Java Management Console to check for the existence of the following objects: 
+ DNS-DHCP 
+ DNSDHCP-GROUP 
+ RootServerinfo 
+ DNS Server object 


2 Load novell-named using the rcnovell-named start command and check to see if the /etc/ 
opt/novell/named/named.conf file contains zone database files with valid information. 


3 Use the nslookup utility to query for records in zones. 
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In these sections, the supported OES server is referred to as the source server and the OES 2015 
SP1 server as the target server. 


¢ “Planning Your Migration” on page 189 
+ “Migration Scenarios” on page 190 


¢ “Post-Migration Procedure” on page 191 


Planning Your Migration 


Make sure your setup addresses the following requirements before you migrate DNS to the new 
platform. 


System Requirements 


+ An eDirectory integrated DNS server installed on the target machine. 
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NOTE: During DNS installation, do not select Create DNS Server option at the install time. This 
avoids the creation of the DNS server for the temporary NCP server. So when migration is 
completed, the existing DNS server objects are considered. 


+ Schema extension is already done on the destination server tree and DNS-DHCP Group, and 
the RootServerlnfo and DNS-DHCP Locator objects are created. 


Migration Scenarios 


To migrate DNS to the new platform, you can use the Java Management Console. During migration, 
the configuration details as well as the data are migrated to the destination platform. 


Migrating Servers within the Same eDirectory Tree 


1 Launch Java Console. 


2 Identify the source NCP server and the corresponding DNS server object that should be 
migrated to target server. 


The server and the server object will no longer exist on the OES 2 server after migration. Make 
sure that the DNS Service is not running on this source NCP server. 


To stop the service, see “Stopping the DNS Server” in the OES 2015 SP1: DNS/DHCP Services 
for Linux Administration Guide. 


3 Use Java Console to move the source DNS server. This task also migrates the primary zones in 
the tree. 


For information about moving the DNS server, see “Moving a DNS Server” in the OES 2015 
SP1: DNS/DHCP Services for Linux Administration Guide. 


4 On successful migration, proceed to perform service specific proxy migration, see “Migrating 
Proxy users to OES 2015 SP1” on page 257. 


Using Java Console to Migrate Servers across eDirectory Trees 


You can migrate DNS across eDirectory trees by exporting the DNS database from the source server 
and importing the database to the target server. 


Exporting DNS Database 


Export DNS database operation transfers the resource record data of a zone to a text file. The text file 
is in the DNS BIND master file format. These files can be used in other DNS servers, including BIND 
servers, or they can be imported back into the eDirectory database using the DNS/DHCP Java-based 
Management Console. 


1 In the DNS Service window, select the zone you want to export and click Export DNS Database 
on the toolbar. 


2 In the Export - DNS window, enter the name of a destination file or browse to select a filename 
from the dialog box. 


3 Click Export to store your zone data in a file. 


4 If the export program encounters any error, the Details button is enabled. Click Details to view 
the error details. 
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Importing DNS Database 


Import DNS database operation transfers resource record data present in the BIND formatted DNS 
zone files into the eDirectory database. 
1 Inthe DNS Service tab, click Import DNS Database on the toolbar. 


2 Enter the DNS BIND formatted filename in the field provided. You can also browse to select the 
filename from the File Selection dialog box. 


3 Click Next to select the context where the zone objects will be created. 
4 Click Next to select the server name that manages the zone. 


You can select an existing DNS server or an NCP server, where DNS server object will be 
created. The selected DNS server must have the DNS/DHCP services installed in it. 


If you select the zone type as primary, this DNS server will act as a designated primary. If you 
select the zone type as secondary, this DNS server will act as a designated secondary.I|f you do 
not want to assign a DNS server for this zone leave this field empty. 


5 Click Next to specify the zone type. 


If you select the zone type as primary, Novell DNS servers act as primary servers for this zone or 
if you select secondary, servers act as secondary DNS servers. 


6 Click Next to view the configuration that you selected. 
7 Click Import to begin importing with this configuration. 


If the import program encounters any error, the Details button is enabled. Click Details to view 
the error details. Some resource records might not have been transferred because of incorrect 
data. Click Create on the toolbar to recreate these resource records. 


8 Click Finish to complete the import operation. 


Post-Migration Procedure 


1 Use the Java Management Console to check for the existence of the following objects: 
+ DNS-DHCP 
+ DNSDHCP-GROUP 
+ RootServerinfo 
+ DNS Server object 


2 Load novell-named using the rcnovell-named start command and check to see if the /etc/ 
opt/novell/named/named.conf file contains zone database files with valid information. 


3 Use the nslookup utility to query for records in zones. 


Migrating DNS to OES 2015 SP1 191 


192 Migrating DNS to OES 2015 SP1 


Migrating DSfW to OES 2015 SP1 


This section describes how to migrate DSfW to an OES 2015 SP1 environment. 


NOTE: The migration procedure described in this section is applicable only for the migration of an 
OES server acting as a DSfW server. 


Before you proceed with the migration, review “Planning Your Migration” on page 151. 


¢ “Planning Your Migration” on page 193 
+ “Migration Procedure” on page 194 


¢ “Post-Migration Procedure” on page 195 


Planning Your Migration 


Make sure your setup addresses the following requirements before you migrate DSfW. 


+ “Prerequisites” on page 193 
+ “What is Migrated” on page 193 


Prerequisites 


Before you proceed with the migration, review the details in “Prerequisites” on page 63. Fora 
successful migration: 

+ The source server and the target server must be in the same eDirectory tree. 

+ Ensure that the time is synchronized between the source and the target server. 

+ The source and target servers must be in the same subnet and gateway. 


+ The target server must be a non-replica server in the eDirectory tree. To make the target server a 
non-replica server, select the Novell Pre-migration Server option while installing OES 2015 SP1 
on the target server. 


+ The target server DNS entry must point to DSfW source server IP address. 


+ Hostname of the target server should not be same as any other server in the DSfW tree. 


What is Migrated 


+ DSfW configuration data present in eDirectory. 
+ Configuration files for DSfW services like kerberos, samba, xad, and rsync. 


+ Non DSfW services like ¡Print and NSS. Non DSfW services need to be migrated as per the 
migration procedure for a particular service. 
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Migration Procedure 


DSfW migration follows the Transfer ID migration process. For more information about Transfer ID, 
see Part IV, “Transfer ID Migration,” on page 61. 


IMPORTANT: Ensure that you do not patch or register the migration server for updating before 
installing the Novell Pre-migration Server pattern and the DSfW pattern. 


Follow the instructions given below to perform the migration: 


1 Install and configure eDirectory with pre-migration pattern on the target server. 


NOTE: You must ensure that the target server is installed only with eDirectory and the Novell 
pre-migration pattern. Novell pre-migration and eDirectory pattern must be installed using 
Software Management tool provided by the YaST utility. 


If services such as iPrint, NSS, and SMS are configured on the DSfW server that is migrated, 
then configuration data related to these services will also be migrated as part of the DSfW 
migration process. However, migration of service?specific data needs to be migrated as per the 
migration procedure for a particular service. For information on migrating iPrint, see Chapter 27, 
“Migrating ¡Print to OES 2015 SP1,” on page 219. For information on migrating NSS, see 
Chapter 17, “Migrating File Systems to OES 2015 SP1,” on page 105. 


2 If the source server has proxy user configured for services such as LUM, see Chapter 32, 
“Migrating Proxy users to OES 2015 SP1,” on page 257. 


3 Install the DSfW pattern on top of the preexisting patterns on the target server but do not 
configure it. 


4 Reboot the target server. 
5 Ensure that you have copied the SSH keys to avoid multiple password prompts: 
5a Enable SSH on the source server and the target server. 
5b Enter the + ssh-keygen -t rsa command on the target server. 
5c When you are prompted to enter the file in which to save the key, press Enter. 
The ssh keys are stored in the default location (/root/.ssh/id_rsa). 


5d When you are prompted to enter the passphrase, leave it empty for no passphrase, then 
press Enter. 


5e Copy the key value (the output of the # ssh-keygen -t rsa command) to the source 
server using the following command: 


ssh-copy-id -i /root/.ssh/id_rsa.pub root@source-ip-address 
Where -i /root/.ssh/id_rsa.pub is the output of # ssh-keygen -t rsa command. 


Replace <source-ip-address> with the IP address or the hostname of the source server. 


6 Run the DSfW migration script on the target server. The purpose of this script is to migrate the 
DSfW-specific data to the target server. 


./opt/novell/xad/sbin/migrate_dsfw.pl --source=source-ip --all 
The migration script invokes the miggui tool. 


The Transfer ID operation migrates eDirectory, LUM, and other associated services of the 
source server. For more information, see “Select the Source and Target Server and the Migration 
Type” on page 71. 


7 Reboot the target server. 
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8 After you reboot the server, you are prompted to configure additional features like WINS and 
Sites. This can be done using the DSfW Feature Configuration Wizard. 


IMPORTANT: You are prompted to configure these features only once. If you fail to configure 
these features during the first instance, you will not be able to configure these features later. 


Enter the authentication details in the login dialog box, depending on the scenario in which you 
are provisioning, then click OK. 


Provisioning Scenario Authentication Details Required 

Non-name-mapped, forest root domain The current domain credentials. 

Name-mapped, forest root domain The current domain credentials and the tree admin 
credentials. 

Non-name-mapped child The current domain credentials, the parent domain 
credentials, and the tree/container admin 
credentials. 

Name-mapped child The current domain credentials, the parent domain 
credentials, and the tree/container admin 
credentials. 

Additional Domain Controller The current domain credentials and the tree admin 
credentials. 


IMPORTANT: If you are installing a first-level child domain in a non-name-mapped scenario, the 
tree admin and the parent domain credentials are the same. 


9 Select the feature that you want to configure, then click Next. 


10 On the task list page, click Run to manually execute a task or click Run All to execute all the 
tasks sequentially without any manual intervention. 


11 After you complete executing the DSfW Feature Configuration Wizard, you must verify if all the 
daemons are up and running by executing the following command: 


xadentrl status 


12 Run the following command to verify if the schema has been extended, rights on the domain 
controller objects have been added, and the unique domain id on the domain root has been 
added. 


/opt/novell/xad/sbin/domaincntrl --preps 


Post-Migration Procedure 


After the migration procedure has completed, you need to manually cleanup certain eDirectory 
objects. For more information, follow the instructions specified in Chapter 14, “Post Transfer ID 
Migration,” on page 89. 
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24 Migrating LUM to OES 2015 SP1 


This section describes how to migrate LUM from a supported OES server to OES 2015 SP1. 


¢ “Planning the Migration” on page 197 
¢ “Migration Scenarios” on page 197 


Planning the Migration 


Make sure your setup addresses the following requirements before you migrate LUM to the 
destination platform. 


+ “Prerequisite” on page 197 


Prerequisite 


+ Ifthe source server is OES 2 SP2, the proxy credential retrieval binary (32 or 64 bit) for LUM 
(lum_retrieve_proxy_cred) should be copied to /usr/bin folder on the source server. 


Migration Scenarios 


The following three scenarios are supported for LUM migration: 


+ Common Proxy Migration: If LUM is configured to use common proxy, refer to “Services that 
are Using Common Proxy” on page 258. 
+ Service Specific Migration: If LUM is configured to use service specific proxy, refer to 
“Services that are Using Service Specific Proxy” on page 259. 
+ Transfer ID Migration: If LUM is not configured to use proxy user, refer to Part IV, “Transfer ID 
Migration,” on page 61. 
For common proxy and service specific proxy migration scenarios, you must also do a Transfer ID 


migration. Transfer ID migration effects changes such as setting of the nam configuration and 
mapping the target server with the existing eDirectory users and groups. 
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Migrating FTP to OES 2015 SP1 


Migration refers to the process of migrating FTP services from a supported NetWare or OES server to 
a OES 2015 SP1 server. The Open Enterprise Server (OES) migration tools follow a source/target 
model. The following sections give you more details on the migration procedure for FTP. 


+ “Migrating FTP from Netware to OES 2015 SP1” on page 199 
¢ “Migrating FTP to OES 2015 SP1” on page 202 


Migrating FTP from Netware to OES 2015 SP1 


This section describes how to migrate FTP from Netware or OES to OES 2015 SP1. 


Planning the Migration 


Make sure your setup addresses the following requirements before you migrate FTP to the 
destination platform. 


+ “System Requirements” on page 199 
+ “Source Servers” on page 199 


+ “Target Server” on page 199 


System Requirements 


+ Pure-FTPd 


Source Servers 


+ NetWare 6.5 SP8 


Target Server 


+ OES 2015 SP1 


Migration Scenarios 


The following three scenarios are supported for FTP migration: 


+ Consolidation on the Same Tree 
¢ Consolidation on a Different Tree 
+ Transfer ID on the Same Tree 
For details on these three scenarios, see “Migration Scenarios” on page 16. 
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Prerequisites 


For all three scenarios, eDirectory should be running so eDirectory users can log in. 


What is Migrated 


When the migration is complete, the FTP parameters on NetWare are mapped to the corresponding 
parameters in Pure-FTPd on Linux. For details on mapped parameters, see Table 25-1 on page 201. 


Migrating FTP 


Migration of FTP configuration can be done from the Migration Tool or through the command line 
interface. 


NOTE: Before you start the Pure-FTPd server, ensure that eDirectory is up and running on the target 
server. This is to ensure that all the eDirectory users can be used for Pure-FTPd access. For the 
Server ID Swap, all eDirectory objects are migrated as part of the DIB migration step. For complete 
details on eDirectory migration, read Appendix 18, “Migrating eDirectory to OES 2015 SP1,” on 
page 151. 


+ “Using the Migration Tool” on page 200 
+ “Using the Command Line” on page 200 


Using the Migration Tool 


1 Launch the Migration Tool in one of the following ways: 
Desktop: Click Computer > More Applications > System > Novell Migration Tools 
Terminal: Log in as the root user and at a terminal prompt, enter miggui 

2 Configure the source and target parameters. 


For details on configuring source and target server information, selecting a migration type, and 
the Open, Save Project, and all other tool buttons, see Chapter 2, “Overview of the Migration 
GUI,” on page 21. 


3 Select Novell FTP from Services and click Configure. The status now changes from Not 
Configured to Ready. 


4 When the status is Ready, click Start to start the migration process. 


The status changes from Migrating to Migrated on success. 


NOTE: Use the Status > Logs tab to check for errors during migration. Fix the errors and restart 
the migration procedure if necessary. 


Using the Command Line 


1 Run the FTP migration utility from the command line with the required parameters: 
migftp -s <source_server> 
For example: 
migftp -s 192.168.1.54 


If the migration is successful, a message indicating success is displayed. 
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2 Start the eDirectory server to allow eDirectory users to log in. 


3 Start the FTP server by using the rcpure-ftpd start command. 


Post-Migration Procedure 


1 Allthe FTP services users must be LUM enabled. 


2 Map these parameters during FTP migration from NetWare to Linux: 


Table 25-1 NetWare Linux FTP FTPd Mapping Parameters 


NetWare FTP Parameters 


SECURE_CONNECTIONS_ ONLY 
PASSIVE_PORT_MIN 
PASSIVE_PORT_MAX 
MAX_FTP_SESSIONS 
HOST_IP_ADDR 

FTP_PORT 
FORCE_PASSIVE_ADDR 
ANONYMOUS ACCESS 
IDLE_SESSION_TIMEOUT 
DEFAULT_USER_HOME_SERVER 
DEFAULT_USER_HOME 


IGNORE_REMOTE_HOME 


Important: 


Linux Pure FTPd Parameters 
TLS 

PassivePortRange 
PassivePortRange 
MaxClientsNumber 

Bind 

Bind 

ForcePassivelP 
AnonymousOnly 
MaxidleTime 
DefaultHomeDirectoryServer 
DefaultHomeDirectory 


EnableRemoteHomeDirectory 


+ IfANONYMOUS_ACCESS is commented irrespective of the value set to yes or no on the 
source server (NetWare), after migration the value set for AnonymousOnly on the target server 


(OES 2015 SP1) is retained. 


For example, #ANONYMOUS_ACCESS=yes or #ANONYMOUS_ACCESS=no is set on the 
source server, AnonymousOnly=yes or AnonymousOnly=no is set on the target server, whatever 
the value set on the target server is retained after migration. 


If ANONYMOUS_ACCESS is uncommented irrespective of the value set to yes or no on the 
source server (NetWare), after migration the value set for AnonymousOnly on the target server 
(OES 2015 SP1) is overwritten with the value set on the source server. 


For example, ANONYMOUS_ACCESS=no is set on the source server, AnonymousOnly=yes is 
set on the target server, AnonymousOnly will be set to no after migration. 


¢ If you use BIND parameter in the NetWare ftpserv.cfg file, after migrating to OES, your FTP 
login will be blocked. This happens as FTP still tries to bind to the source IP address and port 
that you have specified in the NetWare ftpserv.cfg file. 


To resolve this issue, change the IP address and port to that of an OES target server. This 
workaround is not required in case of a Transfer ID migration. 
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+ If Passive Port Range on NetWare is not set or is less than twice the number of maximum 
allowed clients, after migrating to Linux, set the PassivePortRange twice the MaxClientsNumber. 


For example, if you set MaxClientsNumber as 10, then set the PassivePortRange as 30000 
30020. 


+ If SECURE_CONNECTIONS ONLY is set in NetWare and an FTP migration certificate does not 
exist on Linux, a default FTP certificate (/etc/ssl1/private/pure-ftpd.pem) is created, using 
either an eDirectory certificate (/etc/ss1/servercerts/eDircert.pem) of the target server or 
the server certificate (/etc/ssl/servercerts/servercert.pem). If neither of them exists, the 
migration creates a certificate with default parameters. The admin can replace this by creating a 
new certficate using the steps listed in “Create Certificate Procedure” (http:// 
download.pureftpd.org/pub/pure-ftod/doc/README.TLS). 


+ The ForcePassivelP field in NetWare when left blank or set as 0.0.0.0 indicates none specified. 
However, on linux, it is interpreted as is and therefore can lead to server binding to invalid IP 
address resulting in loss of functionality. The migration script is updated to ignore IP 0.0.0.0, and 
created .bak file for preserving the original linux conf file for administrative reference. 
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This section describes how to migrate FTP from a supported OES environment to OES 2015 SP1. 


Before you proceed with the migration, review “Prerequisites” on page 202. In this section, the source 
server refers to a supported OES server and the target server refers to an OES 2015 SP1 server. 


¢ “Prerequisites” on page 202 
+ “What is Migrated” on page 202 
+ “Migration Procedure” on page 202 
Prerequisites 
+ Ensure that OES 2015 SP1 server is already installed along with the Novell FTP pattern on the 


target server. For details see, “Installing Pure-FTPd” in the OES 2015 SP1: Planning and 
Implementation Guide. 


What is Migrated 


¢ Configuration file and script 
Migration Procedure 


Same tree migrations with identity transfer 
Perform the following procedures on the target server: 


1 Copy the /etc/pure-ftpd/pure-ftpd.conf file from the source server. 


NOTE: If the migration is being performed on a cluster setup, copy the pure-ftpd.conf file on 
the shared volume of cluster. 


2 Run /opt/novell/pure-ftpd/novell-pure-ftpd-config.sh script. This will update the 
pure-ftpd.conf file with the new parameters added in OES2015 or later. 
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3 Remove LD_PRELOAD statement from the /etc/init .d/pure-ftpd file, if present. 
4 Restart pure-ftpd using the rcpure-ftpd restart command. 


Same tree migrations without identity transfer 


1 Execute steps Step 1 to Step 3. 


2 Update the IP address of the target server for ForcePassivelP and Bind parameters in the pure- 
ftpd.conf file. 


3 Update DefaultHomeDirectoryServer if it refers to the IP of the source server. 
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6 Migrating iFolder to OES 2015 SP1 


This section describes the procedures to migrate iFolder to OES 2015 SP1. 


+ “Novell iFolder Upgrade, Migration, and Coexistence” on page 205 
¢ “Migrating ¡Folder to OES 2015 SP1” on page 217 


Novell ¡Folder Upgrade, Migration, and Coexistence 


This section familiarizes you with the migration and upgrade capabilities of ¡Folder 3.9. It also 
discusses using the Novell Migration Tool to introduce the ¡Folder 3.9 services into an existing 
network environment without disrupting existing Novell ¡Folder 2.x and ¡Folder 3.x services. 


One of the top priorities in designing Novell ¡Folder 3.7 and later was to ensure that new ¡Folder 
services running on Micro Focus Open Enterprise Server (OES) 2 or later can bridge the gap 
between the Novell ¡Folder 2.x services and the ¡Folder 3.2 services that are currently running on 
OES. 


Migration: In this section, migration means the process of moving Novell ¡Folder 3.2 data running on 
OES and ¡Folder 2.x on OES or on Netware to Novell ¡Folder 3.9.1 running on the OES 2015 SP1 
platform. 


Upgrade: Upgrade means the process of changing to a new version of iFolder on the same platform, 
such as from ¡Folder 3.6 on OES 2 to Novell ¡Folder 3.9.1 running on OES 2015 SP1. 

¢ “Migrating ¡Folder 2.x” on page 205 

+ “Migrating iFolder 3.2” on page 211 

+ “Upgrading ¡Folder 3.x” on page 214 

+ “Upgrading ¡Folder 3.6” on page 216 

+ “Coexistence of ¡Folder 3.9 and 2.x Servers” on page 216 


+ “Coexistence of the ¡Folder 3.9 Client with Novell ¡Folder 1.x and 2.x Clients” on page 216 


Migrating ¡Folder 2.x 


You can move iFolders and user data from an iFolder 2.x domain to iFolder 3.9. In the following 
sections, the iFolder 2.x server is referred to as the source server and the iFolder 3.9 server as the 
target server. 


IMPORTANT: You cannot migrate encrypted iFolders. Use the client-side migration wizard to migrate 
the encrypted iFolders. For more information on the client-side migration, see Novell iFolder 
Migration And Upgrade in the Novell ¡Folder 3.9 Cross-Platform User Guide (http://www.novell.com/ 
documentation/ifolder3/ifolder39_user/?page=/documentation/ifolder3/ifolder39_user/data/ 
bookinfo.html). 


+ “Server Migration” on page 206 


¢ “Client Migration” on page 210 
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Server Migration 


This section helps you understand the server migration, its prerequisites, and the migration process. 


+ 


+ 


+ 


“Prerequisites” on page 206 

“Planning” on page 206 

“Migration Scenarios” on page 207 

“iFolder Migration Procedure” on page 207 
“Using the Migration Tool GUI” on page 207 
“Using Command Line Utilities” on page 208 
“Multi-Server Migration” on page 209 

“What to Expect” on page 209 

“Verifying the Migration” on page 210 


“Post-Migration Procedures” on page 210 


Prerequisites 


Before proceeding to migrate, meet the following prerequisites: 


O You must perform the File System Migration for the source data path. 
For more information, see Appendix , “Migrating File System Using GUI,” on page 111. 

O Ensure that the ¡Folder 3.9 servers, the ¡Folder 3.9 Web Access server, and the eDirectory 
services are up and running. 
The iFolder 3.9 Web Access server and the Web Admin server should be running on the target 
server. 

O Ensure that the user objects are available in eDirectory and are accessible from the target 
server. 

Planning 


+ 


Novell ¡Folder Server: Novell ¡Folder 3.9 has the capacity to manage 1000 connected users 
simultaneously on a single server. This can vary based on the server hardware and network 
capabilities. If there are more than 1000 users, you can use a multi-server setup. For details, see 
Deploying ¡Folder Server in the Novell ¡Folder 3.9 Administration Guide (http://www.novell.com/ 
documentation/ifolder3/ifolder39_admin/?page=/documentation/ifolder3/ifolder39_admin/data/ 
front.html). 


Web Access Server: The Novell iFolder 3.9 Web Access console for end users must run on the 
target server. 


Web Admin Server: The Novell iFolder 3.9 Web Admin console for end users must run on the 
target server. You must ensure that the policies for disk quota, iFolder limit, and file filter are set 
at the system level, because these policies affect the storage availability on the server. For 
details on policies, see Configuring System Policies in the Novell iFolder 3.9 Administration 
Guide (http://www.novell.com/documentation/ifolder3/ifolder39 admin/?page=/documentation/ 
ifolder3/ifolder39_admin/data/front.html). 


Multi-Server Setup: If you have a predefined choice of servers for a set of users or LDAP 
Groups, you must provision them, and set the policies by using the iFolder 3.9 Web Admin 
console. If the users are not provisioned and no policies are set, the iFolder 3.9 server uses the 
round-robin provisioning method to provision the users. Novell iFolder 3.9 has its own LDAP 
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attribute for provisioning users and it does not use the iFolder 2.x LDAP attribute for 
provisioning. You can use the iFolder 3.9 LDAP attribute for selective provisioning and use the 
Web Admin console for manual provisioning of users/groups. 


Migration Scenarios 
The following scenarios are supported for migrating Novell iFolder Services: 
For general explanation of the scenarios supported in OES, see “Migration Scenarios” on page 16. 


+ Transfer ID: In this scenario, the target server is installed into the same eDirectory tree as the 
source server, with a temporary hostname and IP address.The iFolder 2.x data is copied to the 
target machine to perform the basic operations, while the original copy is operational in the 
source machine until the move completes. When the move completes, the source and target 
servers swap and all the iFolder 2.x data on the source server is available on the target server. 
The target server functions with the same credentials (Such as IP address and hostname) as the 
source server and the source server node is no longer available in the eDirectory tree. 


IMPORTANT: In a Netware to OES 2015 SP1 Transfer ID scenario, ensure that the target server 
is installed in the same context as the source server. 


¢ Migrate: In this scenario, you can copy the iFolder data from any number of existing source 
servers to a target server. The source server must be running a supported NetWare or OES 
version. The target server must be running on OES 2015 SP1 on 64-bit hardware. 


In the Transfer ID scenario, only the Same Tree migration is applicable. In the Migrate scenario, both 
Same Tree and Different Tree migration are possible. 


+ Same Tree: In the Same Tree migration, the source and target server are on the same 
eDirectory tree. The source server must be running a supported NetWare or OES version. The 
target server must be running on OES 2015 SP1 on 64-bit hardware. 


¢ Different Tree: In the Different Tree migration, the source server and the target server are on 
different eDirectory trees. The source server must be running a supported NetWare or OES 
version. The target server must be running OES 2015 SP1 on 64-bit hardware. 


iFolder Migration Procedure 
This section helps you understand the server migration processes. 


+ “Using the Migration Tool GUI” on page 207 


+ “Using Command Line Utilities” on page 208 


Using the Migration Tool GUI 


1 Install, configure, and run iFolder 3.9 on the target server. 

2 Open the Migration Tool GUI. 
Desktop: Select Computer > More Applications > System > Novell Migration Tools. 
Terminal: Log in as the root user and at a terminal prompt, enter miggui 


3 Authenticate to the source and target servers. All the associated services are listed in the 
Services panel. 


4 Select Novell iFolder, then click Configure. The iFolder configuration window displays as 
follows. 
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IMPORTANT: Ensure that you migrate the iFolder 2.x file system data by using the file system 
migration tools. For more information, refer to Appendix , “Migrating File System Using GUI,” on 


page 111. 


The default data path for iFolder 2.x is /var/opt/novell/<ifolderdata> for OES. For 


NetWare, the data path is configurable. 


5 Fill in the following fields: 


Parameter 


2.x Migration 


iFolder 3.9 Admin Name 


iFolder 3.9 Admin Password 


Partial Migration 


6 Click OK to configure iFolder for migration. 


Description 


Select this option if you want to migrate the iFolder 
2.x application to iFolder 3.9 on OES 2015 SP1. 


iFolder Data Path: Specify the path where the 
iFolder 2.x system data is migrated to on the target 
server. This is the location on the iFolder target 
server where iFolder application files and the users’ 
iFolders and files are migrated to. The path is case- 
sensitive. 


Specify the username of the iFolder 3.9 
administrator. 


Specify the iFolder 3.9 admin password. 


Select this option if you want to perform a partial 
migration that allows you to migrate a selected set 
of users to an iFolder 3.9 domain. You can perform 
partial migration either by using a user list file or by 
browsing and selecting users from an eDirectory 
tree. 


User List File: Specify the location of the user list 
file. This file is a text file that contains the list of user 
DNs for all the users selected for migration. Ensure 
that each user DN starts in a new line. 


Select LDAP Users: Browse the eDirectory tree 
and select the users for migration. 


7 Inthe main window, you can either configure other services, or click Migrate to start the 


migration process. 


The Migration Tool takes care of the order in which each service migrates. Therefore, iFolder 
migration initiates only after file system migration completes. 


Using Command Line Utilities 


To run the Novell iFolder migration utility through the command line, run /opt/novell/migration/ 
sbin/migif2 --option value with the following details: 
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Table 26-1 Command Line Options 


Option Description 

--precheck (Optional) Checks whether migration is possible with the given 
parameters. 

--2xdatapath Specifies the path where the iFolder system data is stored. This is the 


location where the iFolder source server stores iFolder application files 
and the users' ¡Folders and files. The path is case sensitive. 


--serveripaddress Specifies the IP address of the ¡Folder 3.9 server. 

--adminname Specifies the username of the iFolder 3.9 administrator. 

--password Specifies the password for the iFolder 3.9 administrator. 

--workarea (Optional) Specifies the location for the temporary migration files. 
--userlist (Optional) Specifies a text file that contains the list of users for migration. 


If you don’t specify this, a complete migration is performed. 


--Sync (Optional) Performs the sync operation during migration for any changes 
made on the source server. 


Multi-Server Migration 


To migrate user data to the master server, all the iFolder 3.9 servers must be up and running. The 
master server automatically provisions the home servers for each migrated user. Depending upon the 
user provisioning priority you have set, each user is provisioned in the appropriate iFolder 3.9 server. 
If you want to move each user from a single ¡Folder 2.x server to different ¡Folder 3.9 servers or from 
many iFolder 2.x servers to a single iFolder 3.9 server, you must set the provisioning with the iFolder 
3.9 Web Admin console. By default, the round-robin provisioning method is used. For more 
information on using the Web Admin console, refer to the following sections in the Novell ¡Folder 3.9 
Administration Guide (http://www.novell.com/documentation/ifolder3/ifolder39_admin/?page=/ 
documentation/ifolder3/ifolder39_admin/data/front.html). 


+ Managing ¡Folder Services via Web Admin 
+ Managing ¡Folders 


+ Managing ¡Folder Users 


What to Expect 


+ The ¡Folder 2.x user data format is converted to that of ¡Folder 3.9. The flat directory structure of 
the 2.x data is changed to the hierarchical structure of ¡Folder 3.9 client. 


NOTE: The 2.x configuration is not migrated. 


+ The 2.x encrypted ¡Folders are not migrated. This is because the passphrase for each user is not 
known to the administrator. Each user is expected to do a client-side migration. 


+ Ifthe user list is provided, only those users specified in the user list are migrated. 


+ Inthe Transfer ID scenario, iFolder 3.9 updates the configuration files with the new server IP 
address after the migration is completed. 
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Verifying the Migration 


You can find the migration logs at /var/opt/novell/log/ifolder/checkpoint.1log. The 
checkpoint.log contains the status of the ¡Folder 2.x migration. 


Post-Migration Procedures 


Post-migration configuration: No additional configuration is required because only data is migrated 
and no policies are migrated from ¡Folder 2.x to iFolder 3.9. You must set the policies again for each 
user by using the Web Admin console, because the ¡Folder 2.x policies are not compatible with 
¡Folder 3.9. 


For more information on using the Web Admin console, refer to the following chapters in the Novell 
¡Folder 3.9 Administration Guide (http://www. novell.com/documentation/ifolder3/ifolder39_admin/ 
?page=/documentation/ifolder3/ifolder39_admin/data/front.html). 


+ Managing ¡Folder Services via Web Admin 
+ Managing ¡Folders 


+ Managing ¡Folder Users 


Merge: Users can have a local copy of the 2.x ¡Folders that are already migrated to the server. When 
they connect the ¡Folder 3.9 client to the ¡Folder 3.9 server, the migrated ¡Folders are also available 
for download. Instead of downloading them and having a different copy on the same machine, they 
can simply merge the ¡Folders on the local machine to the migrated ¡Folders on the server. This also 
reduces the data transfer traffic and effort. For details on the merge functionality provided in the client, 
see Merging ¡Folders in the Novell ¡Folder 3.9 Administration Guide (http://www. novell.com/ 
documentation/folder3/folder39_admin/?page=/documentation/ifolder3/ifolder39_admin/data/ 
front.html). 


Client Migration 


There is an automatic client-side migration from Novell iFolder 2.x to iFolder 3.9. The Migration 
Wizard provided for the user in the iFolder 3.9 client migrates the existing 2.x iFolder data to the 
iFolder 3.9 domain. The Migration Wizard appears soon after the installation of iFolder 3.9 client, and 
displays a message about the existence of previous version data and a request for a migration. This 
Wizard is also available on the Preferences menu so that it can be invoked at any time after 
installation. 


IMPORTANT: The Novell iFolder 2.x client and the iFolder 3.9 client can run independently and 
concurrently on the same user machine. They are separate applications and should not be installed in 
the same directory. However, if you migrate the 2.x data to 3.9, you must remove the 2.x client when 
the client-side migration is complete. 


Preparing for Migration 


+ The user must have both an ¡Folder 2.x account and a corresponding ¡Folder 3.9 account. 


+ The user must use only the Migration Wizard available in the ¡Folder client to migrate an existing 
2.x ¡Folder to a 3.9 ¡Folder. The user should not perform ¡Folder 2.x to 3.9 conversion by any 
other means, such as using ¡Folder shell integration (Windows Explorer or Nautilus) or the 
¡Folder 3.9 client upload mechanism from the thick client. 
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+ Ifthe user selects to make a copy of the ¡Folder 2.x data and move it to the ¡Folder 3.9 domain, 
ensure that you allocate sufficient space (at least 10 MB larger than the size of the iFolder 2.x 
data) on the hard disk (user’s Home directory for Linux and user’s Application Data directory for 
Windows) before performing migration. The additional space is used to store the iFolder 
database. 


In this case, the user must log out of the 2.x client before performing the migration to avoid 
synchronization issues and related possible data corruption. 


+ Ifthe user selects to migrate the iFolder and disconnect it from 2.x domain, the folder is not 
accessible through the 2.x account after the migration, because it is completely moved to the 3.9 
domain and 2.x registry entries are removed in the client. It is possible that the same 2.x iFolder 
is available on another user desktop. If so, make sure that it is manually removed to avoid data 
inconsistency, because it is not under the control of iFolder 3.9 domain. 


Migrating iFolder 3.2 


You can move iFolders and the user data from an iFolder 3.2 domain to an iFolder 3.9 domain. In the 
following sections, the iFolder 3.2 server is referred to as the source server and the iFolder 3.9 server 
as the target server. 


Prerequisites 


Before proceeding to migrate, see “Prerequisites” on page 206. 


Planning 


+ Novell iFolder Server: Novell iFolder 3.9 has the capacity to manage 1000 connected users 
simultaneously in a single server. This can vary based on the server hardware and network 
capabilities. If there are more than 1000 users, you can use a multi-server setup. For details, see 
Deploying ¡Folder Server in the Novell ¡Folder 3.9 Administration Guide (http://www.novell.com/ 
documentation/ifolder3/ifolder39_admin/?page=/documentation/ifolder3/ifolder39_admin/data/ 
front.html). 


+ Web Access Server: The Novell iFolder 3.9 Web Access console for end users is running on 
the target server. 


+ Web Admin Server: The Novell iFolder 3.9 Web Admin console is running on the target server. 
You must ensure that the policies for disk quota, iFolder limit, and file filter are set at system 
level, because these policies affect the storage availability in the server. For details on policies, 
see Configuring System Policies in the Novell iFolder 3.9 Administration Guide (http:// 
www.novell.com/documentation/ifolder3/ifolder39_admin/?page=/documentation/ifolder3/ 
ifolder39_admin/data/front.html). 


+ Multi-Server Setup: If you have a predefined choice of servers for a set of users or LDAP 
Groups, you must provision them, and set the policies by using the iFolder 3.9 Web Admin 
console. If the users are not provisioned and no policies are set, the iFolder 3.9 server uses the 
round-robin provisioning method to provision the users. Novell iFolder 3.9 has its own LDAP 
attribute for provisioning users and it does not use the iFolder 3.x LDAP attribute for 
provisioning. You can use iFolder 3.9 LDAP attribute for selective provisioning and use the Web 
Admin console for manual provisioning of users and groups. 
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Migration Scenarios 


The following scenarios are supported for migrating Novell iFolder Services: 


For a general explanation of the scenarios supported in OES 2015 SP1, see “Migration Scenarios” on 
page 16. 


+ Transfer ID: In this scenario, the target server is installed into the same eDirectory tree as the 
Source server, with a temporary hostname and IP address. The ¡Folder 3.2 data is copied to the 
target machine to perform the basic operations, while the original copy is operational in the 
source machine until the move completes and all of the iFolder 3.2 data on the source server is 
available on the target server. The target server functions with the same credentials (Such as IP 
address and hostname) as the source server and the source server node is no longer available 
in the eDirectory tree. 


¢ Migrate: In this scenario, you can copy the iFolder data from any number of existing source 
servers to a target server. The source server must be running supported OES versions. The 
target server must be running on OES 2015 SP1 on 64-bit hardware. 


In the Transfer ID scenario, only the Same Tree migration is applicable. In the Migrate scenario, both 
the Same Tree and Different Tree migration are possible. 


+ Same Tree: In this scenario, the source server and target server are on the same eDirectory 
tree. The source server must be running supported OES versions. The target server must be 
running on OES 2015 SP1. 


¢ Different Tree: In this scenario, the source server and the target server are on different 
eDirectory trees. The source server must be running supported OES versions. The target server 
must be running on OES 2015 SP1. 


iFolder Migration Process 


You can perform the migration through either the Migration Tool GUI or through the command line. 


+ “Using the Migration Tool GUI” on page 212 


+ “Using Command Line Utilities” on page 213 


Using the Migration Tool GUI 


1 Install, configure, and run iFolder 3.9 on the target server. 


2 Copy the simias.config file from the source server to the location /var/1ib/wwwrun/.local/ 
share/simias in the target server. 


3 Open the Migration Tool GUI. 
Desktop: Select Computer > More Applications > System > Novell Migration Tools. 
Terminal: Log in as the root user and at a terminal prompt, enter miggui 


4 Authenticate to the source and target servers. All the associated services are listed in the 
Services panel. 


5 You must configure the file system before configuring the ¡Folder 3.2 service. To configure NSS 
or NCP volumes, select File System, then click Configure. For any other file system, perform 
migration using Command Line Utilities. For more information on configuring file system, refer to 
“Migrating File System Using Command Line Utilities” on page 118 


6 Select Novell iFolder, then click Configure. The ¡Folder configuration window displays as 
follows. 
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IMPORTANT: Ensure that you migrate the iFolder 3.2 file system data by using the file system 
migration tools. For more information, refer to Appendix , “Migrating File System Using GUI,” on 
page 111. 


The default data path for iFolder is /var/lib/wwwrun/simias for Linux. 


7 Fill in the following fields: 


Parameter Description 


3.2 Migration Select this option if you want to migrate the iFolder 3.2 application 
to iFolder 3.9 on OES. 


iFolder 3.2 Data Path: Specify the path where the iFolder 3.2 
system data is migrated to on the target server. This is the location 
on the iFolder target server to which iFolder application files and the 
users’ ¡Folders and files are migrated. The path is case-sensitive. 


iFolder 3.2 Admin Name Specify the username of the iFolder 3.2 administrator. This is the 
fully distinguished name of the iFolder admin user. For example: 
cn=admin,o=acme. 


iFolder 3.2 Admin Password Specify the iFolder 3.2 admin password. 


iFolder 3.9 Admin Name Specify the username of the iFolder 3.9 administrator. For 
example: admin. 


iFolder 3.9 Admin Password Specify the iFolder 3.9 admin password. 

Partial Migration Select this option if you want to perform a partial migration, which 
allows you to select a set of users and migrate them to an iFolder 
3.9 domain. 


User List File: Specify the location of the user list file. This file is a 
text file that contains the list of user DNs for all the users selected 
for migration. Ensure that each user DN starts in a new line. 


Select LDAP Users: Browse the eDirectory tree and select the 


users for migration. 


8 Click OK to configure iFolder for migration. 


9 In the main window, you can either configure other services, or click Migrate to start the 
migration process. 


The Migration Tool takes care of the order in which each service migrates. Therefore, the iFolder 
migration initiates only after file system migration is completed. 


Using Command Line Utilities 


To run the Novell iFolder migration utility through command line, run /opt/novell/migration/ 
sbin/migif3 --option=value with the following details: 
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Option Description 


--precheck (Optional) Checks whether migration is possible with the given 
parameters. 

--oldadminname Specifies the username of the iFolder 3.2 administrator. 

--newadminname Specifies the username of the iFolder 3.9 administrator. 

--oldadminpassword Specifies the iFolder 3.2 admin password. 

--previousserverurl Specifies the IP address of the iFolder 3.2 server. 

--newserverurl Specifies the IP address of the ¡Folder 3.9 server. 

--workarea (Optional) Specifies the location for the temporary migration files. 

--userlist (Optional) Specifies a text file that contains the list of users for migration. 


If you don’t specify this, a complete migration is performed. 


--Sync (Optional) Performs the sync operation during migration for any changes 
made on the source server. 


What to Expect 


+ The user data (iFolders) is migrated. 
+ Ifthe user list is provided, only those users specified in the user list are migrated. 


+ Inthe Transfer ID scenario, the ¡Folder 3.9 updates the configuration files with the new server IP 
address after the migration is completed. 


Upgrading iFolder 3.x 


You can upgrade ¡Folder 3.x on supported OES version to iFolder 3.9 on OES 2015 SP1. This is a 
single-server scenario, where the source and target servers reside on the same machine. 


+ “Server Upgrade” on page 214 
+ “Client Upgrade” on page 215 


Server Upgrade 


Ensure that the server-side data is backed up before you perform the upgrade. 


You must use the YaST-based Novell ¡Folder configuration for the in-place upgrade. A YaST upgrade 
of OES to OES 2015 SP1 upgrades the configuration values of the ¡Folder enterprise server from the 
3.x ¡Folder server to the 3.9 ¡Folder server. 


For details on YaST-based configuration, see “Deploying ¡Folder Server ” in the Novell ¡Folder 3.9.2 
Administration Guide. 


1 Install OES by using YaST. 


2 Select Use Following Configuration and click Novell iFolder to change the default configuration 
settings for iFolder. 


or 


If you decide to use default settings, click Next to start Novell iFolder 3 configuration. 
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For security reasons, it is recommended that you always change the default iFolder 
configuration settings. 


3 Follow the YaST on-screen instructions to proceed through the Novell iFolder 3.9 configuration. 


The table in the “Configuring the iFolder Enterprise Server” in the Novell iFolder 3.9.2 
Administration Guide summarizes the decisions you make. 


NOTE: In an upgrade scenario, the following fields in the YaST UI for iFolder are disabled so you 
don't need to specify them. 


+ Path to the Server Data files 

+ Install into Existing ¡Folder Domain 
+ Private URL of Master server 

+ Directory Server Address 

+ ¡Folder Admin Password 

+ Verify ¡Folder Admin password 

+ LDAP Search Contexts 

+ LDAP Naming Attribute 


+ Require a secure connection between the LDAP server and the ¡Folder server 


If you have upgraded an ¡Folder server to supported OES version in a cluster setup, move to common 
proxy using the move_to_common_proxy. sh script fails. This is because during upgrade, the cluster 
volumes are not mounted. After upgrade is successful, you must use the following command on the 
node where ¡Folder cluster is running: 


/opt/novell/ifolder3/bin/ifolder_mono_setup 


This will update the Simias.config file with the necessary configuration information required for 
common proxy framework. In non-cluster setups, this runs automatically as part of post install script. 


Client Upgrade 


+ “Understanding the Upgrade Process” on page 215 

+ “Preparing for the Upgrade” on page 215 

+ “Upgrade Procedure for the User” on page 216 
Understanding the Upgrade Process 


With the client upgrade, binaries are upgraded with the new version of binaries and the client data is 
auto-upgraded. 


Preparing for the Upgrade 


Make sure that you perform the following server-side operations so that the user is notified of the new 
version of the ¡Folder client and prompted to accept the client upgrade. 


IMPORTANT: You must ensure that the user backs up the Simias store before upgrading the client. 


1 Enter http:\\ IP address of iFolder server in the browser to go to the OES home page. 
2 Download the client RPMs or executables from the OES home page. 
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3 Place the RPMs under the respective platform directories in the path 
ifolder_installDirectory/lib/simias/web/update/unix 


The latest client RPMs are installed only if they are present in the given path. The automatic 
installation happens when the user attempts to connect the 3.x or 3.4.1 client to the ¡Folder 3.9 
server. The names of the platform-specific directories are in the version. config file in the same 
path. A script file named install-ifolder.sh in the unix directory contains the commands for 
upgrading the RPMs to the latest version. 


Examples for install-ifolder3.sh are as follows: 
rpm -Uvh <absolute path of simias rpm> 


rpm -Uvh <absolute path of ifolder rpm> 
rpm -Uvh <absolute path of nautilus-ifolder3 rpm> 


4 Modify version.config to include entries for the directory where in the RPMs or the 
executables are placed. 


Upgrade Procedure for the User 


1 Connect the existing client to the server. 


The client automatically prompts the user to accept the client upgrade when he or she attempts 
to connect an ¡Folder 3.x or 3.4 1 client to a 3.9 server. For details, refer to Automatically 
Upgrading to ¡Folder 3.9 client on Linux in the Novell ¡Folder 3.9 Cross-Platform User Guide. 


For instructions on performing a manual upgrade, refer to Manually Upgrading to ¡Folder 3.9 
client on Linux in the Novell ¡Folder 3.9 Cross-Platform User Guide (http://www.novell. com/ 
documentation/ifolder3/ifolder39_user/?page=/documentation/ifolder3/ifolder39_user/data/ 
bookinfo.html). 


Upgrading iFolder 3.6 


1 On the OES client Downloads page, click the ¡Folder client for Linux link to download the RPMs 
as desired. 


For details, see Deploying iFolder Server in the Novell iFolder 3.9 Administration Guide. 
2 Follow the on-screen prompts to download the files to a directory on your machine. 
3 Enter cd <location where you have downloaded the files>. 


4 Runrpm -Uvh *.rpmto upgrade to iFolder 3.9. 


Coexistence of iFolder 3.9 and 2.x Servers 


If you use both iFolder 2.x and Novell iFolder 3.9 services, we recommend that you install each 
version on its own dedicated server. OES 11do not support iFolder 2.x service. 


Coexistence of the iFolder 3.9 Client with Novell iFolder 1.x 
and 2.x Clients 


Do not install the iFolder 3.9 client in the same application folder as a Novell iFolder 1.x or 2.x client. 


The iFolder 3.9 client can coexist on the same workstation as the Novell iFolder 1.x client or 2.x client, 
with the following caveats: 


+ The ¡Folder 3.9 client and its iFolders work only with the Novell ¡Folder 3.9 enterprise server. 
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+ The Novell ¡Folder 1.x or 2.x client and its ¡Folder on the workstation continue to work only with 
the assigned Novell iFolder server of the same release. 


+ The single ¡Folder created with the iFolder 1.x or 2.x client can coexist with the multiple ¡Folders 
created with the iFolder 3.9 client. The iFolders function independently on the workstation; they 
do not exchange information or data. However, you can manually transfer local data between old 
and new iFolder folders. 


+ You should not attempt to convert the Novell ¡Folder 1.x or 2.x folder to an iFolder to be managed 
by Novell iFolder 3.9 by any other means other than using the migration tool. Similarly, you 
should not convert parent folders of that iFolder to a next-generation iFolder. 


For example, if abc is the parent directory of the xyz directory, you should not attempt to migrate 
abc to iFolder 3.9 while xyz still remains an iFolder of type 2.x or 1.x. In addition, you should not 
attempt to migrate xyz to iFolder 3.9 while abc still belongs to a 2.x or 1.x domain. 


If the folder is no longer used by a prior version of the Novell iFolder client, such as after you 
uninstall the old client from the workstation, you can convert the folder or its parent folders to a 
next-generation iFolder. 
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This section provides information on how to migrate iFolder. 


Prerequisites 


Before proceeding to migrate, meet the following prerequisites: 


¢ iFolder is installed and configured on the target machine. 
+ You must perform the File System Migration for the source simias data path. 


For more information, see Appendix , “Migrating File System Using GUI,” on page 111. 


Transfer ID - Same Tree 


In this scenario, the target server is installed in the same tree as the source server. On successful 
completion of Transfer ID, the target server functions with the same credentials (Such as IP address 
and hostname) as the source server and source server node is no longer available in the network. 


What is Migrated 


The following data is migrated from the source server to the target server: 


+ The simias data store path 
+ The configuration files 


+ Proxy user (migrates along with simias and configuration files) 


Migration Procedure 


1 Install OES by using YaST on the target server. 
2 Stop apache from source server using the following command: rcapache2 stop. 


3 Configure iFolder on target server with same values as source server. For more information, see 
Configuring the iFolder Enterprise Server in the Novell iFolder 3.9.2 Administration Guide. 
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4 Stop apache on target server using the following command: rcapache2 stop. 


5 Migrate the simias data store path from source server to target server in the same volume and 


directory structure. For more information, see Appendix , “Migrating File System Using GUI,” on 
page 111. 


6 Start apache on target server using the following command: rcapache2 restart. 
Post Migration 


After migrating iFolder, 


+ Verify if admin and web access pages are accessible with same details. 
+ Ensure that all clients are able to connect to the server without issues. 


¢ Verify the ownership of the ifolder data source, it needs to be wwwrun:www 
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/ Migrating ¡Print to OES 2015 SP1 


Migration refers to the process of migrating ¡Print from supported NetWare or OES versions to OES 
2015 SP1. For general information about the OES 2015 SP1 Migration Tool, see Chapter 1, 
“Overview of the Migration Tools,” on page 15. 


The following sections give more details on the migration procedure for iPrint. 


+ “Prerequisites” on page 219 

¢ “Supported Migration Scenarios” on page 220 

¢ “What is Migrated” on page 220 

+ “Migration Procedure” on page 221 

¢ “Migrating an iPrint Cluster Resource” on page 229 
¢ “Migrating ZENworks ¡Print Policies” on page 230 
¢ “Verifying Migration” on page 233 

+ “Cleaning Up Stale Objects” on page 233 

+ “Troubleshooting iPrint Migration” on page 234 

+ “iPrintmig Man Page” on page 240 


Prerequisites 


This section covers the migration prerequisites for all the migration scenarios supported by iPrint. 


+ “Platform Specifications” on page 219 


+ “General Prerequisites” on page 220 


Platform Specifications 


+ “Target Server Requirements” on page 219 


Target Server Requirements 


+ OES 2015 SP1 server with ¡Print installed, and with Print Manager and the Driver Store 
configured. For more information, see “Installing and Setting Up iPrint on Your Server”, “Creating 
a Print Manager”, and “Creating a Driver Store” in the OES 2015 SP1: ¡Print Linux Administration 
Guide. 


IMPORTANT: If your target server is in a non-replica eDirectory tree, both the target Driver Store 
and Print Manager must be active for migration to be successful. Configure SLP to make them 
active. For details on SLP configuration, see “Configuration Parameters” in the NetIQ eDirectory 
8.8 SP8 Administration Guide. 
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General Prerequisites 


+ 


+ 


+ 


Before starting the migration, ensure that the source and target Print Managers are running. If 
you are using command line tools for migration, ensure that the source Print Managers are 
running. 


When you upgrade to OES, ensure that you migrate NDPS to iPrint. NDPS is not supported on 
OES Linux. 


Ensure that the file containing the printers to be migrated does not contains extra spaces or 
characters. For troubleshooting extra spaces, see “Printers are not migrating with the -f option” 
on page 236. 


Ensure that the driver paths are correct and accessible. For troubleshooting a bad driver 
assignment, see “Invalid driver path assignments” on page 236. 


Ensure that you retain the Print Agent redirection on the source servers. 


+ For NetWare source servers, follow the instructions in “Setting Up DNS for the Print 
Manager” in the NW 6.5 SP8: ¡Print Administration Guide. 


+ For Linux source servers, follow the instructions in “Creating a Print Manager” in the OES 
2015 SP1: ¡Print Linux Administration Guide. 


Ensure that the user has the following rights and permissions assigned explicitly on the source 
server so that the user can access and execute the psminfo.nlm, even if there is a mismatch of 
source server and container admin credentials for the user: 


+ Read permission to sys:ndps folder on the migration source server. 
+ Add the user as a trustee with supervisor rights to the source server NCP server object. 


Back up the Print Manager database files on the source server prior to migration. For NetWare, 
see “Understanding the Print Manager Database” in the NW 6.5 SP8: ¡Print Administration 
Guide. For Linux, see “Understanding the Print Manager Database”. 


The servers involved should be accessible via SSH. If the SSH ports are not open in the firewall, 
ensure that they are open before trying to access the servers. 


Supported Migration Scenarios 


¡Print supports the following migration scenarios: 


+ 


+ 


+ 


+ 


Migrating servers within the same eDirectory tree 
Migrating servers across different eDirectory trees 
Migrating servers through consolidation 

Migrating servers through a Transfer ID 


For more information about these scenarios, see “Migration Scenarios” on page 16. 


What is Migrated 


During the migration process, the following objects are replicated seamlessly from the source server 
to the target server: 


+ 


+ 


+ 


Printers 
Drivers 


Banners 
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Printer pools 

Redirected printers 

ACL (only if the source and target servers are in the same tree) 
Printer profiles 

The iPrint.ini file (only if the source server is NetWare 6.5) 


iPrint Client Management (only if the source and target servers are in the same tree and are 
sharing a common user) 


Migration Procedure 


Perform the following tasks for iPrint migration. 


+ 


+ 


+ 


+ 


“Pre-Migration iPrint Configuration” on page 221 

“¡Print Consolidate Migration” on page 222 

‘Verifying the Result of the ¡Print Migration” on page 229 
“Transfer ID” on page 229 


Pre-Migration ¡Print Configuration 


Perform the following pre-migration steps on the target server: 


1 


Create the Driver Store. For more information, see “Creating a Driver Store” in the OES 2015 
SP1: ¡Print Linux Administration Guide. 


If the eDirectory server1 value is not pointing to a server that holds a reliable replica, go to /etc/ 
opt/novell/iprint/conf/idsd.conf and modify the eDirectory server1 value to a server that 
holds a reliable replica. Change the IDSHostAddress value to the IP address (temporary IP 
address) of the migration server. Restart the Driver Store (rcnovell-idsd restart). 


Create the Print Manager. For more information, see “Creating a Print Manager” in the OES 
2015 SP1: ¡Print Linux Administration Guide. 


If eDirectory server1 value is not pointing to a server that holds a reliable replica, go to /etc/ 
opt/novell/iprint/conf/ipsmd.conf and modify the eDirectory server1 value to a server 
that holds a reliable replica. Change the PSMHostAddress value to the IP address (temporary IP 
address) of the migration server. Restart the Print Manager (rcnovell-ipsmd restart). 


Change the ¡Print Apache configuration. 


If AUthLDAPDNURL is not pointing to a reliable LDAP server, change AuthLDAPDNURL in / 
etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf to a reliable LDAP server. Restart 
Apache (rcapache2 restart). 


Ensure that the admin user is LUM-enabled. 


To check this, enter id admin at the terminal. If the admin user is LUM-enabled, UID and GID 
information is returned. 


Ensure that iprintman authentication is successful. 

To check the authentication by using the IP address, enter 
iprntman psm -1 -s <IP address> 

To check the authentication by using the DNS name, enter 
iprntman psm -l -s <DNS name> 


Test iPrint prior to the migration on the target server. 
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Using iManager, view the Print Manager and Driver Store. Click a few options to verify that you 
donot encounter any errors. 


7 Continue with “iPrint Consolidate Migration” on page 222. 


NOTE: You can run psminfo.n1m on the source server, then copy the psminfo. xml file to the target 
server at the /opt/novell/iprint/share location. This avoids contacting the source server during 
migration. 


¡Print Consolidate Migration 


Migration of the ¡Print configuration can be done through the Migration Tool or through the command 
line interface. 


+ “Using the Migration Tool” on page 222 
+ “Using the Command Line Utility” on page 228 


NOTE: When you migrate ¡Print from NetWare to OES 11SP2, Public Access Printers are not 
migrated. 


Using the Migration Tool 


1 Launch the Migration Tool on the target server in one of the following ways: 
Desktop: Click Computer > More Applications > System > Novell Migration Tools. 
Terminal: Log in as the root user and enter miggui at the terminal prompt. 


For details on configuring the source and target server information, selecting a migration type, 
opening a project, and on all the tool buttons, see Chapter 2, “Overview of the Migration GUI,” on 
page 21. 


2 Authenticate to the source and target servers. 
3 Click Add. 
4 Select Novell iPrint, then click Yes to configure. The iPrint configuration window is displayed. 
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¡Print Migration 


Print Options | Other Options | 


Print Managers 


Select printers from Source printers list to migrate 
Source Prim Manager | | ta] 


Target Prim Manager | ou servers, ou» mig-site.o =novell,l=blr, € «in| ts Get Primers 
| 


C eDirectory Server” 
*In case the Target Server does not hold a eDirectory replica 
Printer Objects 


Source printers (*Printer with same name exists on Target context) 


Select Primer Agents Comext 


[C] Select All Filter 


Create Target primer objects in 
Context same as Source primer context 


© Target coment: 


LJ Do Not Migrate Existing Target Printers 


Orie | L mo || Osane 


For more information, refer to Print Migration Best Practices Guide 


5 Configure the following parameters to proceed with the migration process: 


Print Objects Parameter Description 
Print Source Print Manager Specify the active Print Manager on the source server. The 
Managers source Print Manager can be either an NDPS manager (for 


NetWare 6.5) or iPrint Manager (for OES Linux). To go directly 
to a context of your choice, specify the context in the search 
base and click Search. The objects in the specified context are 
displayed. 
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Print Objects Parameter 


Target Print Manager 


eDirectory Server 


Printer Source printers 
Objects 

Select All 

Filter 


Create target Context same as 
printer source printer context 
objects in 


Target context 


Do Not Migrate Existing 
Target Printers 
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Description 


The Target Print Manager field is populated with the name of 
the active Print Manager running on the target server. This field 
is editable, and you can also specify a different name for the 
active Print Manager. To go directly to a context of your choice, 
specify the context in the search base and click Search. The 
objects in the specified context are displayed. 


Click Get Printers to select printer objects from the source 
Print Manager. 


Click Get Printers to select printer objects from the source 
Print Manager. 


Select this option if the target server does not hold an 
eDirectory replica. Specify the IP address of the target server 
that holds the reliable eDirectory replica. 


Displays all the printers of the active Print Manager available 
on the source server. The printers that already exist on the 
target server are indicated by an asterisk (*). 


Selects all the printers listed in the Printer Objects dialog box. 


NOTE: When you apply a new filter, or modify an existing filter 
and click Select All, only printers that are displayed after 
applying the filter are selected. When you manually select all 
printers, the selected printers are migrated. 


Specify the search pattern in the Filter field. This displays the 
printers in the Printer Agents list. This field is case sensitive. 


Select this option to use the same context as the source 
printers on the target server. 


NOTE: If you are migrating to a different tree, and you select 
Context same as Source printer context, you must ensure 
that the context exists in the target tree. 


This option is selected by default. It allows you to create source 
printers under a different context on the target server. This 
option does not maintain the context hierarchy of the source 
printer. 


To go directly to a context of your choice, specify the context in 
the search base and click Search. The objects in the specified 
context are displayed. 


If the printer names on source server match the printer names 
on the target server, the target printer properties and attributes 
are overwritten by the source printer properties and attributes. 


The printers that already exist on the target server are 
represented by an asterisk (*). 


¡Print Migration 


"Print Options | Other Options 


Source Driver Store 


IP Address/ONS Name 
User Name 


Password 


IP Address/ONS Name 


C) The Source Driver Store is not on the same Server as the Source Print Manager 


Migrate the following additional Source Print Brokers to the Target Driver Store 


Broker Volume Name 


Target Driver Store 


Target Driver Store DN [cn =remote_ds_160,ou=mig-site,o=novell.i=bir,c=in 


lv] Target Driver Store is remote 


Password [ 


Printer Drivers 
Options to Migrate Primer Drivers 


[] 
Windows 95/98 
windows NT 4 
Windows 2000 
Windows XP 


IP Address/DNS Name [164.99.182 160 
User Name [root 


2J Do Not Migrate Printer Driver and association of the Printer Agents with the Driver 

® Migrate Printer Driver if the driver is not present in the Target Driver Store 

Migrate all Primer Drivers, This overwrites the Printer Driver on the Target Driver Store 
Migrate Grivers for the following platforms 


[a] 
= 
] 
| 


Press Ctri+Click to select or deselect more than one platform 


Y] Migrate Printer Driver Profiles. This overwrites the existing Printer Driver Profiles 
iv] Migrate iPrint.ini file. This overwrites the existing iPrint.ini file on Target 


"ye 


For more information, refer to ¡Print Migration Best Practices Guide 


Other Options Parameter 


Source Driver The Source Driver 

Store Store is not on the 
same server as the 
Source Print Manager 


Migrate the following 
additional Source Print 
Brokers to the Target 
Driver Store 


|| @ cancer 


Description 


If the source Driver Store is running on a server different from 
the source Print Manager's server, this check box is selected. 


Specify the IP address or the DNS Name and the root 
password of the server on which the source Driver Store is 
located. 


For more details on using this panel, see Step 6 on page 227. 


This section lists the names and IP/DNS addresses of the 
source Print Broker volumes that need to be migrated to the 
target Driver Store. 


Use the + and - icons to add and delete the source Print 
Brokers. 
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Other Options Parameter 


Target Driver Target Driver Store DN 
Store 


Target Driver Store is 
remote 


Additional source Print 
Broker to be migrated 
to the above target 
Driver Store (optional) 


Printer Do not Migrate Printer 

Drivers Drivers and the 
association of the 
Printer Agents with the 
Driver 


Migrate Printer Driver if 
the driver is not present 
in the target Driver 
Store 
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Description 


The Target Driver Store DN field is auto populated with the 
Driver Store associated with the PSM object, if the driver store 
is running. This field is editable, and you can also specify the 
name of the Driver Store. To directly go to a context of your 
choice, specify the context in the search base and click 
Search. The objects in the specified context are displayed. 


Specify the IP address or the DNS name and the root password 
of the server on which the source Driver Store is located. For 
more details on using this panel, see Step 6 on page 227. 


To directly go to a context of your choice, specify the context in 
the search base and click Search. The objects in the specified 
context are displayed. 


IMPORTANT: If the target Driver Store is hosted by a server 
that is not hosting the Print Manager, you cannot select the 
Driver Store's eDirectory server. To resolve this, go to the Driver 
Store's /etc/opt/novell/iprint/conf/idsd.conf file 
and update the DSServer1 value to the address of a server that 
holds the replica. Restart the Driver Store (rcnovell-idsd 
restart) after making the change. 


If the Driver Store is running on the remote server (other than 
the target server), the Target Driver Store is remote check 
box is enabled. 


Specify the IP address or the DNS name of the remote server 
and the root password of the remote server in the 
corresponding entry fields. 


Click the plus button (+) and specify the IP address or the DNS 
name of the Source Broker. Select the Source Broker volume 

from the drop-down list and click OK. The list is populated with 
the IP address or DNS name of the Source Broker and Broker 
volume name. You can add multiple Source Brokers to the list. 


To remove the Source Broker from the list, select the IP 
address or DNS name and click the minus button (-). You can 
remove one Broker at a time. 


Selecting this option ensures that printer drivers and the 
association of Printer Agents with the drivers are not migrated. 


Selecting this option migrates the printer drivers for the driver 
platforms you have selected from the Select Driver Platforms to 
Migrate list if they are not present in the target Driver Store. 
This also migrates all the associations of the Printer Agents 
with the driver. 


NOTE: The default driver platform selection is All. 


Other Options Parameter Description 


Migrate all Printer Selecting this option overwrites the target drivers for the driver 
Drivers. This overwrites platforms you have selected from the Select Driver Platforms to 
the Printer Driver on Migrate list, if the driver names in the target Driver Store are 


the target Driver Store same as the source Driver Store. This also migrates all the 
associations of the Printer Agents with the driver. 


NOTE: The default Driver Platform selection is All. 


Printer Driver Migrate Printer Driver If the profiles are the same on the target server as the source 
Profile Profile server, the target profiles are overwritten. 


iPrint.ini File Migrate iPrint.ini File If you migrate printer agents from two or more print managers, 
the iPrint. ini file on the target server is replaced by the 
iPrint.ini of the last source server. 


NOTE: After migration, if the target server's iprint . ini file is 
overwritten by the source server's file, and if the target server's 
iprint.ini file had new parameters that were erased, you 

can restore them by copying the parameters manually from the 
iprint.bak file. The iprint. bak file is a backup of the target 
server's iprint. ini file. After migration, the iprint.bak file 
is saved in the /var/opt/novell/iprint/htdocs directory. 


6 Inthe Source Driver Store and Target Driver Store panels, the default user name is displayed as 
root. To use a user name other than root, make the following changes: 


Source Driver Store 
[x] The Source Driver Store is not on the same Server as the Source Print Manager 
IP Address/DNS Name Í 


User Name root 


User Password 


Migrate the following additional Source Print Brokers to the Target Driver Store 
[ IP Address/DNS Name I Broker Volume Name ] [8] 


Target Driver Store 
Target Driver Store DN [cn=ds-102-53,0=novell J [ta] 
[v] Target Driver Store is remote 


IP Address/DNS Name [192.168.1.255 


User Name lroot 


User Password | 


+ Add the intended user name to the sudoers database by using the following command - 
<new non-root user name> ALL = (ALL) ALL 

+ Comment out the following two lines from visudo -f /etc/sudoers: 
1. Defaults targetpw # ask for the password of the target user i.e. root 


2. ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults 
targetpw'! 


This ensures that the system does not prompt you for a root password. 
7 Click OK to finish the configuration and go back to the migration screen. 
8 Click Migrate. 
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Using the Command Line Utility 


You can use iprintmig to migrate iPrint. For more information, see “iPrintmig Man Page” on 
page 240. 


Use one of the following methods to migrate to OES 2015 SP1: 


+ From a terminal prompt on the target server, run iprintmig to migrate the printers on the 
source server to the target server. Before running the utility, set the environment variable for 
safely transferring the password. 


For safe transmission of passwords to the script via an environment variable or via the -P/-T 
options, see “Using Passwords” on page 244. 


IMPORTANT: This method is safe and recommended. 


Syntax: iprintmig -s source_server -u source_username_only -U 
target_username_only -a -x psminfo.xml -I cn=ids, o=example,c=us -i 
ids.example.com -c ou=iPrint, o=example, c=us 


+ From a terminal prompt on the target server, run iprintmig to migrate the printers on the source 
server to the target server by specifying the password. 


IMPORTANT: The password is visible to users in this method. 


Syntax: iprintmig -s source_server -u source_username_only -p source password - 
U target_username_only -t target password -a -x psminfo.xml -I 
cn=ids, o=example,c=us -i ids.example.com -c ou=iPrint, o=example, c=us 


Migrating One Printer at a Time 

Example: iprintmig -s source_server_name -u source_admin -U target_admin -n 
printer1 -x psminfo.xml -I cn=ids, o=example,c=us -i ids.example.com -c 

ou=iPrint, o=example,c=us -N 

Migrating a Few Printers at a Time 

Example: iprintmig -s source_server_name -d target_server_name -u source_admin -U 
target_admin -x psminfo.xml -I cn=ids, o=example,c=us -i ids.example.com -c 
ou=iPrint,o=example,c=us -n printer1 -n printer2 -n printer3 -n printer4 -L 
Migrating All Printers 

Example: iprintmig -s source_server_name -d target_server_name -u source_admin -U 
target_admin -x psminfo.xml -I cn=ids, o=example,c=us -i ids.example.com -c 
ou=iPrint, o=example,c=us -a -N 

Migrating Printers by Using SSL 

Example: iprintmig -s source_server -u source username -U target username -a -I 


cn=ids,o=example,c=us -i ids.example.com -c ou=iPrint,o=example,c=us -ssl -port 
LDAP port -N 
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Migrating Printers without SSL 


Example: iprintmig -s source_server -u source username -U target username -a -I 
cn=ids, o=example,c=us -i ids.example.com -c ou=iPrint,o=example,c=us -port LDAP 
port -N 


IMPORTANT: Ensure that you verify the result of iPrint migration after completing migration, as 
described in “Verifying the Result of the iPrint Migration” on page 229. 


Verifying the Result of the iPrint Migration 


1 Open iManager on the server you use for iPrint management. 
2 Install some printers on the test workstation. 
3 Run reports to verify all the migrated information: 
3a Go to https://<MigrationServerIP>/PsmStatus/GenerateReportSettings. 


3b Select the check box for Printer Drivers, Associated NDS Printer, and other options for the 
NetWare Printer Agents. 


3c Click Generate Report. 


3d Verify that all the printer agents have the expected values. 


Transfer ID 


To perform an identity transfer, configure the iPrint service for migration, then select Transfer ID. This 
migrates iPrint to an OES 2015 SP1 server, and then transfers the source server’s identity. Migrate 
iPrint services to the target server before starting the Transfer ID process. For more information, see 
Chapter 11, “Using the Migration GUI Tool for Transfer ID,” on page 69. 


Before starting the Transfer ID process you must migrate all services to the target server. See 
Chapter 10, “Preparing for Transfer ID,” on page 63. 


IMPORTANT: Do not start the Transfer ID process until the migrated iPrint service on the target 
server successfully completes the outlined tests. To verify the result of iPrint migration, see “Verifying 
the Result of the iPrint Migration” on page 229. 


Migrating an iPrint Cluster Resource 


Perform the following steps to migrate the iPrint cluster resource from NetWare to OES 2015 SP1 
without reinstalling the printers on the workstations. 


NOTE: When you upgrade to OES, ensure that you migrate NDPS printers to iPrint. NDPS is not 
supported on OES Linux. For more information, see “How to automate the upgrade from NDPS to 
iPrint” (http://www.novell.com/support/php/ 
search.do?cmd=displayKC&docType=kc&externalld=7004661&sliceld=2&docTypelD=DT_TID_1 1 
&dialogID=159879519&stateld=0%200%20159881359) 


1 Set up iPrint for a cluster environment. 


For more information, see “Setting up the Cluster Environment for iPrint” in the OES 2015 SP1: 
iPrint Linux Administration Guide. 
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2 Migrate the target cluster resource hosting iPrint from node to node. 
On each node, check the status of the Print Manager and Driver Store. 
rcnovell-ipsmd status 
rcnovell-idsd status 


Test the ability of the Print Manager to authenticate the admin user (or the user given in the 
Migration Tool. 


iprntman psm -1 -u admin 
3 Perform the pre-migration for ¡Print configuration. 
For more information, see “Pre-Migration ¡Print Configuration” on page 221. 


4 Perform a consolidated migration of the ¡Print service. For more information, see “¡Print 
Consolidate Migration” on page 222. 


When the source or target ¡Print service is hosted on a cluster resource, transferring a node's 
identity is not necessary and not recommended. 


5 Verify the result of the ¡Print migration. 

For more information, see “Verifying the Result of the ¡Print Migration” on page 229. 
6 Transition end-user printing from NetWare to Linux: 

6a Offline the NetWare ¡Print cluster resource. 

6b View the NetWare ¡Print cluster load script's /DNSNAME value. 


6c Configure DNS to resolve the /DNSNAME value to the IP address of the target Linux cluster 
resource hosting the Print Manager. 


The propagation of the DNS change might take time, depending on your network. 


DNSNAME is the address that the clients use to find the NetWare Print Manager. The same 
DNSNAME is used to find the Linux Print Manager. 


6d Update each of the Linux node /etc/hosts files to resolve to the Linux ¡Print cluster IP 
address. 


6e Update the /etc/opt/novell/iprint/conf/ipsmd.conf PSMHostAddress value to the / 
DNSNAME. 


6f Restart the Print Manager. 
7 Perform the post-migration steps. For more information, see xxxx. 


Migrating ZENworks iPrint Policies 


The ZENworks 10 Configuration Management and ZENworks 7 iPrint policies contain a list of printers 
to be distributed via the policy. The printer names are back-linked to the eDirectory object of the 
corresponding printer. When the iPrint service is migrated from source server to an OES 2015 SP1 
server, iPrint policies containing migrated printers must also be updated. For example, if the 
ZENworks7 ¡Print policy contains a printer from the source server, after migration it must contain a 
corresponding printer from the target server. 


The novell-iprint-migration.rpm also contains the scripts for migrating ZENworks 10 
Configuration Management and ZENworks 7 policies. You must run the scripts to migrate the policies. 


Migrating iPrint to OES 2015 SP1 


IMPORTANT: The target server and the source server must be in the same tree and in the same 
container. 


+ “Policy Migration in ZENworks 10 Configuration Management” on page 231 
¢ “Policy Migration in ZENworks 7” on page 232 


Policy Migration in ZENworks 10 Configuration 
Management 


+ “Prerequisites” on page 231 


+ “Options” on page 231 


Prerequisites 


+ The file with the list of printers to be migrated must be copied from the target server to the 
ZENworks 10 Configuration Management server. 


+ Ensure that the latest version of ZENworks 10 Configuration Management is installed. You can 
get the ippmanagement utilities from there. 


¢ Install Perl on your server to run the policy migration script on the ZENworks 10 Configuration 
Management windows server. 


Syntax: zcm-migrate-print-policy.pl -a<Administrator name> -p <Administrator password> 
-s <Source server> -d <Destination server> . 


The zcm-migration-print-policy.pl script is located in /opt/nove11/bin. Copy and run the 
script on the ZENworks 10 Configuration Management server. This script copies the original printer 
policies and the policies are formed in the target server. If you encounter any error, refer to the log file 
available at zcm10-migration. log. 


Options 

-a, --admin 

Administrator name. 

-p, --passwd 

Administrator password. 

-P, --port 

(Optional) Port number (The default port is 80). 
-1, --linux 

(Optional) The source operating system is Linux. 
-n, --netware 

(Optional) The source operating system is NetWare. 
-S, --Src 


Source server IP address or the DNS name. 
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-d, --dest 

Target server IP address or the DNS name. 

-r, --rem 

(Optional) Deletes old policies. 

-C, --change 

(Optional) Changes the default printer. 

-f, --file 

The filename that has the list of printers to be migrated. 
-X, --xml 


(Optional) The directory containing the policies in XML form. 


Policy Migration in ZENworks 7 


The zen7-migration-print-policy.pl script is located in /opt/novell/bin/. Run the script on 
the target server where the replica of the eDirectory tree is present. This script copies the original 
printer policies, and the policies are defined on the target server. If you encounter any error, refer to 
the log file at /var/opt/novell/log/iprint/zenpolicy_migration.1log. 


Syntax: <script name> -v -v -v <log file> -s <Host name or IP address> -a 
<Administrator FDN> -p <Administrator password> -b <Base DN> -d <Keep default> -r 
<Deletes the old policies> -n <Source Operating System> -f <Filename containing a 
list of files containing migrated printer list>. 


Options: 

-V -V -V 

Log file. 

-s, --host 

Hostname or IP address. Source server IP address. 
-a, --admin 

Administrator FDN (such as cn=admin,o=novell). 

-p, --passwd 

Administrator password. 

-b, --base-dn 

DN of a container to search for the ZENworks 7 iprint policy objects (e.g. o=novell). 
-d, --keepdefault 

Retains your default printer in the ZENworks 7 policy. 
-1, --linux 


The source operating system is Linux (For an ID swap always specify -l, even if the source is 
Netware.). 
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-n, --netware 

The source operating system is NetWare. 

-f, --file 

A filename that has a list of printers to be migrated. 


For more information on ZENworks, refer to ZENworks 10 Configuration Management (http:// 
www.novell.com/documentation/zcm10/index.html). 


Verifying Migration 


After migration is complete, the desired Print Manager on the target server must be active. This 
ensures that the migration has been successfully completed. Use the procedures in this section to 
check for the Print Manager and printers. 

+ “Using iManager” on page 233 


+ “Using the Command Line” on page 233 


IMPORTANT: If the Print Manager is down after migration, see “Troubleshooting iPrint Migration” on 
page 234. 


Using iManager 


1 Open iManager on the target server. 
2 Go to iPrint > Manage Print Manager. 
3 Specify the iPrint Manager name or NDPS Manager name. 
4 Click OK, then ensure the Print Manager status is Active. 
5 Click Printer Agents. 
Depending on your setup, it might take some time to display the printers on the target server. 


Using the Command Line 


1 Atthe console, enter iprintman psm -1 -u admin. 
2 Enter the admin password when prompted. 


This displays the status of all the Print Managers with their status. Ensure that the desired Print 
Manager is Active. 


3 Atthe console, enter iprintman printer -1 -u admin. 
4 Enter the admin password when prompted. 
This displays the printers on the target server. 


Cleaning Up Stale Objects 


You can clean up stale ¡Print objects by using the /opt/nove11/iprint/bin/iprintcleanup.pl -s 
<source_server> -u <source_user(FDN format )> --ssl --port <LDAP_Port> -f <filename> 
command. 
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-h | --help 

Print the summary 

-s | --src <source_server> 

Source server IP address. 

-u | --src-user <user> 

Admin user FDN for the source server. For example, cn=admin,o=novell. 
-p | --src-pass <pswd> 

Password of the source server admin user. 

-f | --renamed-printers-file <filename> 

Filename to clean up. For example, /etc/opt/novell/iprint/conf/renamed_printer_objects. 
--ssl 

Use this option if SSL is enabled on the server. 

--port 


LDAP enabled port. 


Troubleshooting iPrint Migration 


+ “¡Print Service Does not Work After Transfer ID Process” on page 235 

+ “Printers are not migrating to OES” on page 235 

+ “Target server authentication fails in a cluster environment” on page 236 

+ “Printers are not migrating with the -f option” on page 236 

¢ “Invalid driver path assignments” on page 236 

+ “Printers are not migrating in the same eDirectory tree under the same context” on page 237 
+ “Migration fails even after a pre-check is passed” on page 237 

¢ “Migration fails when the Print Manager does not have a clean shutdown” on page 237 

¢ “Migration fails when a printer is assigned to a Print Manager” on page 237 

¢ “Migration fails when the SYS volume folder is not available on the source server” on page 238 
e “Migration fails for container admin credentials on the source server” on page 238 

¢ “Migration fails with an error message” on page 238 


+ “The Driver Store and Print Manager are not initialized after migration on the target server” on 
page 238 


¢ “Printers not coming up after Transfer ID migration” on page 239 
¢ “Printer fails to install with the error “wrong printer URL”” on page 239 


¢ “Migration is completed with the status displaying as “Successful with warnings. Please refer the 
migration log” on page 239 


¢ “Printers migrated from the source to target in the same context, are not migrated to the target in 
a different context” on page 239 
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+ “Problems with accessing newly created printer agents after copying the padbtxt.xml file from the 
source to the target” on page 240 


+ “Redirections are not successful when printers are migrated” on page 240 


iPrint Service Does not Work After Transfer ID Process 


Source: The iPrint service does not work after the Transfer ID process is complete. 


Action: 


On completion of the Transfer ID process, confirm the following values: 


1 


Go to /etc/opt/novell/iprint/conf/ipsmd.conf and change the 
PSMHostAddress value to the source server's IP address or DNS name 
(preferably a CNAME was used). Use the address that was used when you 
loaded with the /dnsname or /ipaddress switch. If you are unsure, view the 
name by which the iPrint printers are installed at the workstations. 


Change the eDirectory server1 value to a reliable eDirectory server 
address. 


Go to /etc/opt/novell/iprint/conf/idsd.conf and change the 
IDSHostAddress value to the source server's IP address or DNS name 
(which is now the target server's IP or DNS). 


Change the eDirectory server1 value to a reliable eDirectory server 
address. 


5 Goto /etc/hosts and ensure that entries are correct for the new identity. 


6 Goto /etc/opt/novell/iprint/httpd/conf/iprint_ssl.conf and 


update the AuthLDAPDNURL "Idaps://[address..]" to any reliable LDAP 
server. 


Go to /etc/opt/novell/iprint/httpd/conf/iprint_g.conf and update 
the address after the ServerName entry. Ensure that you choose the new 
identity IP address. 


Restart the Print Manager (rcnovell-ipsmd restart), Driver Store 
(rcnovell-idsd restart), and Apache (rcapache2 restart). 


Use iManager to test iPrint by using the Print Manager, Driver Store, and 
printers. 


If you encounter an error while managing the Print Manager, one of the 
certificates may need to be updated. To troubleshoot, see the Cool 
Solutions article “Certificate Re-creation Script for OES” (https:// 
www.novell.com/communities/coolsolutions/cool_tools/certificate- 
recreation-script-oes1-and-oes2/). 


Printers are not migrating to OES 


Explanation: 


Possible Cause: 


Occasionally the iPrint migration status is successful but the specified Print 
Manager is not active or is down, and so printers are not migrated to the OES 
server. 


Some other Print Manager is active or is already loaded on the OES server. 
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Action: On the OES server: 


1 Search for the ipsmd daemons by executing the ps ax | grep ipsmd 
command. This displays two running ipsmd processes. 


2 Kill the individual ipsmd daemons by executing 
kill -9 pid_of_ipsmd 


3 Restart migration by executing iprintmig. 


Target server authentication fails in a cluster environment 


Explanation: The loopback address is not authenticated. 


Possible Cause: The loopback address is not being resolved to the IP address of the target server 
in the cluster environment. 


Action: Enter the IP address or DNS name of the target server. 


Printers are not migrating with the -f option 


Explanation: iprintmig skips adding printers from the file containing the printer list. 


Possible Cause: If the file with the printers to be migrated contains extra spaces or characters, the 
file is skipped by the utility. 


Action: Delete the extra spaces or characters and restart the migration process. 


Invalid driver path assignments 


Explanation: Specific printers are not being migrated, and you see the error message 
XMLTODOCIMInstance: :dowork(): CIMException encountered (general 
error) <Operating System Name> GetDriverInfo failed:<Printer Name> 
during migration. 


Possible Cause: The printers are associated with deleted or missing drivers. 


Possible Cause: The driver is associated with a remote path that no longer exists. The path can 
be a remote server or an unmounted volume. 


Action: Verify the driver path and generate a report to correct the driver assignment: 
1 In iManager, select Manage Print Manager. 


2 Select an NDPS Manager. 
3 Click OK. 


NOTE: If the Print Manager is down, click Startup to change the status to 
Active. 


4 Click Printer Agents Configuration Report. 


5 Select one or more configuration options for the operating system name 
displayed in the error message. 


6 Click Generate Report. 


7 The driver assignment path is displayed for individual Printer Agents in the 
report. 


8 Verify that the complete driver path is a valid assignment. 
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9 (Conditional) If the path is invalid, select Manage Printer and do the 
following: 


9a Choose a required printer under NDPS Printer Name. 
9b Click OK. 


9c Inthe the Drivers tab, select the specific operating system for which 
the assignment is invalid. A message displays this message - The 
current driver does not exist. 


9d Click OK. 


9e Select either NONE or a suitable driver. 


Printers are not migrating in the same eDirectory tree under the 


same context 


Explanation: 


Possible Cause: 


Action: 


Printers are not being migrated, and you see an error message: 
CIMException encountered (general error): Creation of printer 
"CN=<PrinterName>, o=<organization>' object failed. Object exists, 
but failed to get iPrintPrinterManager value. 


The migration was in the same eDirectory tree, and the source Print Manager 
and target Print Manager were under the same context. 


Use iManager to create a Print Manager on the target server in a different 
context. Restart the migration with the target Print Manager as the newly created 
Print Manager. 


Migration fails even after a pre-check is passed 


Explanation: 


Possible Cause: 


Action: 


When you restart the source server, the migration fails if the Print Manager was 
not successfully unloaded. 


The eDirectory attributes for the unloaded PSM are not cleaned up. 


Restart the Print Manager. 


Migration fails when the Print Manager does not have a clean 


shutdown 


Explanation: 
Possible Cause: 


Action: 


When the Print Manager does not have a clean shutdown, migration fails with an 
error message stating this is an invalid print manager on target. 


The eDirectory status for the Print Manager is not updated when the Print 
Manager shutdown is not clean. 


Restart the Print Manager. 


Migration fails when a printer is assigned to a Print Manager 


Explanation: 


Possible Cause: 


The migration fails with an error message: CIMException encountered (general 
error): Creation of printer <Printer FDN> ( Eg: 
cn=Printer1,o=novell) object failed. Object exists, 
iPrintPrinterManager value indicates that the printer is 
associated with another ipsmd. 


Trying to reassign a printer to a new Print Manager when the existing Print 
Manager assigned to this printer is down. 
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Action: Do not select the printer that is currently assigned to a Print Manager on the 
target server when it is down. 


Migration fails when the SYS volume folder is not available on the 
source server 
Possible Cause: The sys:ndps folder was renamed or deleted from the source server. 


Action: Ensure that the sys:ndps folder is on the source server. 


Migration fails for container admin credentials on the source server 


Explanation: Printer objects with the container admin credentials are not being migrated. 


Possible Cause: There is a mismatch between the source server and container admin credentials 
for the user. The source server might not be in the same container where full 
access rights are defined. 


Action: Ensure that the user has the following rights and permissions assigned explicitly 
so that the user can access and execute psminfo.nlm: 


+ The read permission to the sys:ndps folder on the migration source server. 


+ Add the user as a trustee with supervisor rights to the source server NCP 
Server object. 


Migration fails with an error message 


Explanation: Migration fails with the following error message: 'OpenWBEM4: :HTTPException' 
what(): Unable to process request: 401: Authentication failure 


Aborted. 
Possible Cause: The admin user is not correctly LUM-enabled. 
Action: LUM-enable the admin user: 
1 Run yast2 novell-lum from the command prompt. 
2 Click Continue. 
3 Enter the admin password. 
4 Click Next and follow the on-screen prompts. 


The Driver Store and Print Manager are not initialized after migration 
on the target server 


Explanation: The Driver Store and Print Manager are not initialized on the target server when 
SLP configuration is used. 


Possible Cause: Problems in SLP configuration before starting migration. 


Action: Enterthe slptool findsrvs service:ndap.novell | grep <TREE NAME> 
command to list the TREENAME. If the tree name is not listed, fix the SLP 
configuration. For details, see “Prerequisites” on page 43. 
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Printers not coming up after Transfer ID migration 
Explanation: You migrate printers by using the Transfer ID option, but printers are not coming 
up. 
Possible Cause: Printers are not being associated with the drivers after a Transfer ID action. 


Action: Use the following procedure: 


1 Run the /opt/novell/bin/ipsmd -x /tmp/psmimport_idswap.xml -s 
<Server IP Address> -u admin -f command on the OES 2015 SP1 
console. 


2 Enter the admin password. 


Printer fails to install with the error “wrong printer URL” 


Explanation: On successful migration, the redirected printers fail to install on the target server. 


Action: If the ¡Print service is configured with the IP address and if the source server is 
down, installation fails. 


Ensure that the source server is up and running and then install the redirected 
printer. 


Action: If the ¡Print service is configured with DNS and the DNS is not resolved with the 
target server IP address, installation fails. 


Ensure that the DNS is resolved to the target server IP address and then install 
the redirected printer. 


Migration is completed with the status displaying as “Successful 
with warnings. Please refer the migration log” 


Explanation: The message is displayed when the drivers associated with the printers are not 
migrated to the target server. 


The printers are migrated, but you cannot install the printers for which the driver 
download or upload has failed. 


Action: Check the migration log for the drivers that failed to migrate. Do not perform a 
migration; instead, manually upload or download those drivers to the target 
server. 


Printers migrated from the source to target in the same context, are 
not migrated to the target in a different context 


Explanation: When you migrate printers from the source to the target in the same context, 
then you restart the Printer Manager and try to migrate those printers again ina 
different context, the printers fail to migrate. 


Action: Do not migrate printers in a different context if they have already been migrated 
from the source to the target in the same context. 
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Problems with accessing newly created printer agents after copying 
the padbtxt.xml file from the source to the target 


Explanation: When you copy the padbtxt.xml file from the source to the /opt/novell/ 


Action: 


iprint/share directory on the target, the Migration Tool cannot access any 
newly created Printer Agents that were added to the source after copying the file. 


Copy the padbtxt. xml file from the source to the target everytime you create 
printer agents. When you select printers to migrate and migration passes 
successfully, but the printers selected for migration are still not migrated, one 
possible reason could be the presence of an outdated padbtxt.xml file in the 
directory. Remove the file and retry the migration procedure. 


Redirections are not successful when printers are migrated 


Explanation: 


When you redirect one printer to another on the source, migrate both the 
redirected printer and the other printer to the target, associate a driver to the 
redirected printer on the target server, then try to install the other printer from the 
target server, the printer installation fails. This is because this printer on the 
target server points to the redirected printer on the source, which does not have 
any drivers asssociated with it. 


IPrintmig Man Page 


+ “iprintmig(1)” on page 241 
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iprintmig(1) 


Name 


iprintmig - Migration utility for Novell iPrint 


Syntax 
This section contains iPrint commands and utilities used on the Linux platform. 
iprintmig -s <server> -u <user> <options> -n <printer1>...<printerN> 


iprintmig -s <options> 


Description 


iprintmig is a management tool used to migrate printers to OES 2015 SP1. 


Options 
-h, --help 
Prints this summary. 


-V, -VV, -VVV, -vvvv, -verbose 


Specify the level of detail to display about the execution of operations with -v displaying minimum 
information and -vvvv displaying maximum information. 


-V, --version 
Prints version information. 
-S <server>, --src <server> 
Specifies the source server hostname or address to migrate from. 
-d <server>, --dst <server> 
Specifies the target server hostname or address to migrate to. 
-D <PSM DN>, --dst-dn <PSM DN> 
Specifies the destination print manager DN to migrate to. 
-u <user>, --src-user <user> 
Specifies the FDN format admin for the source server, such as cn=admin, O=example. 
-U <user>, --dst-user <user> 
Specifies the FDN format admin for the target server, such as cn=admin, O=example. 
-p <pass> , --src-pass <pass> 
Password of the source server admin user. 
-P<fd>, --src-pass-fd <fd> 


File descriptor number (to read the source admin password). 


Migrating iPrintto OES 2015 SP1 241 


242 


-t<password>, --dst-pass <password> 

Password of the user on the target server. 
-T<fd>, --dst-pass-fd <fd> 

File descriptor number (to read the destination admin password). 
-i</IDS_server>, --ids </DS_server> 

Target iPrint Driver Store (IDS) server hostname or address. Defaults to dst. 
-I<IDS_DN>, --ids-dn <IDS_DN> 

Distinguished name of the target IDS. 
-e<server>, --edir <server> 

Server hostname or address of the eDirectory server for the target server to use. 
-n<printer>, --printer-name <printer> 

Name of the printer to migrate. Can be specified multiple times. 
-f <file>, -printers-file <file> 

File containing names of printers (1 per line) to migrate. 
-F <fd>, -printers-fd <fd> 

File descriptor number listing names of printers to migrate. 
-a, --all 

Migrates all printers from the source. 
-c<DN>, --dst-container <DN> 

DN of the container to create print objects in (conflicts with -S). 
-S, --same-dn 


Creates objects on the target server with the same DN as the source server. Only valid when 
migrating to a new tree. 


-H, --same-hostname 


Creates a manager on the target server with the same hostname as the source manager. Useful 
when migrating the entire print server. 


-x<file>, --xml-outfile <file> 
Saves the XML migration processing file to <file>. 


--O, --remoteDS-root-pass<pass> 


Root password of the remote driver store server. 


--O, --remoteDS-root-pass-fd<fd> 


File descriptor number (to read the root password of the remote driver store server). 
--q, --Src-root-pass<pass> 

Root password of the source server. 
--Q, --src-root-pass-fd<fd> 


File descriptor number (to read the root password of the source server). 
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--srcversion 


Indicates the version of the operating system on the source server. 


--nodrivers 


Do not migrate drivers. If drivers are not present in the destination IDS, clients cannot install 
printers. 


--overwrite-drivers 


If the destination IDS has a driver with the same name as a corresponding driver on the source 
server, overwrite it. 


--noacls 
Stops migration of Access Control Lists (ACLs). 


--noprofiles 
Stops migration of profiles. If profiles are not present on the target server, clients cannot install 
printers. 

--overwrite-profiles 
Overwrites the target server profile for a driver with the same name as a profile on the source 
server. 

--nogo 


Prepares but does not perform migration. This option creates an output XML file and migrates 
drivers (unless - -nodrivers was specified) but does not perform migration. 


--debug 


Prints debug messages to a /var/opt/novell/log/migration/iprintmig. log file. 


--update 


Synchronizes any changes in the source server data with the target server after the migration 
process is complete. This option must be used in conjunction with the -a option. 


--resume 
Lets you resume the migration process from where it was suspended. 


--precheck 


Validates the parameters passed for the migration process and returns the status without 
actually starting the migration. 


--consolidation 

Aggregates services on a single target server from multiple source servers. 
--ssl 

Enables secure authentication. 
--port 

Indicates the LDAP port. 


--treeflattening 


Creates the contexts of the source printers under a different context on the target server. The 
context of the target printer is specified by using the -c<DN>, --dst-container <DN> option. 
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--idswap 


Migrates printers from the source server to the target server without changing their identities. 


--driver-platform 


Identifies the names of the platforms to migrate. All the drivers for the selected platforms are 
migrated. The driver platforms should be specified every time you configure the print options. For 
example, --driver-platform "Windows XP" --driver-platform "Vista 64". 


Using Passwords 


For security reasons, it is safest to transmit passwords to the script via an environment variable or via 
the -P/-T options, because any user of the system can view the password if it is on the command line 
(-p/-t options). 


Instead, have the calling program set its environment with the following two variables: 
IPRINTMIG_SRC_PASSWORD=examplePassword1 
IPRINTMIG_DST_PASSWORD=examplePassword2 


Then you can execute the following command, which migrates all the printers from 
server1.example.com to the server where the script is being run. 


iprintmig -s server1.example.com -u admin.example.us -U admin -a -x psminfo.xml -I 
cn=ids, o=example,c=us \-i ids.example.com -c ou=iPrint,o=example,c=us 


Examples 


The following example migrates several printers at a time while explicitly specifying the hostname of 
the new print manager: 


iprintmig -s server1.example.com -d newserver.example.com -u admin.example.us -U 
admin -x psminfo.xml \ -I cn=ids,o=example,c=us -i ids.example.com -c 
ou=iPrint,o=example,c=us -n printer1 -n printer2 \-n printer3 -n printer4 


If a calling program specifies a large number of printers, there are three ways to proceed: 


¢ The -n (or --printer-name) option can be specified with a printer name one or more times, as in 
the example above. This can create a very long command line if many printers are being 
migrated, so this usage is discouraged. 


+ Afile containing printer names, one per line, can be specified by using the -f (or --printers-file) 
option. For a calling program to use this file, the program must first write the list of printers to a 
temporary file. 


+ The calling program can avoid the use of a temporary file by using the -F (or --printers-fd) option, 
which allows the calling program to send the list of printer names over a pipe, such as a pipe 
created with socketpair(). When you use the -f (or --printers-file) option, printer names are read 
from the file descriptor, one per line. 
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A simple example of this usage follows in C. Similar methods are available with the 
Mono.Posix.Syscall members. 


char *printers[] = { "pi", "p2", "p3" }; 
int fds[2], pid, rc; 
rc = socketpair(AF_UNIX, SOCK_STREAM, 0, fds); 
if (re < 1) 


perror("Error creating socket pair"); 
exit(1); 


} 
pid = fork(); 
switch (pid) 
{ 
case -1: //Error 
perror("Fork failed"); 
exit(1); 
case 0: //Parent 
close(fds[1]); 
for (int i; i < (sizeof(printers)/sizeof(char**)); ++1) 


write(fds[0], printers[i], strlen(printers[i])); 
write(fds[0], "An", 1); 


} 

close(fds[0]); 
break; 
default: //Child 
close(fds[0]); 


//Set an environment that contains the password env vars 
//Make sure that close on exec isn't set for fds[1] 
//exec the iprintmig script with "-F" and fds[1] converted from an int to 
a string as arguments 


} 


Notes 


Most of the information that this program requires can be obtained from the eDirectory objects that 
you select. For example, to migrate all printers from a NetWare server to the new Linux server, you 
need to select the old PSM object, which contains the address of the server it is running on. Then you 
need to select the destination PSM, which has attributes for its network address, the eDirectory 
server it is using, and the IDS it is using. The corresponding IDS object has its own address. 


There are some details that you must manually provide instead of selecting or discovering, such as 
details about credentials and whether or not to migrate profiles or drivers. 


You can select a destination container to hold the objects created during migration, or you can choose 
to keep the same path for objects. This only works for a move from one tree to another, because 
NetWare objects already exist in the source tree and might conflict with the new Linux versions of the 
objects. 


Authors 
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2 8 Migrating NetStorage to OES 2015 SP1 


This section describes the procedures to migrate NetStorage from supported OES versions to OES 
2015 SP1. 


+ “Migrating NetStorage to OES 2015 SP1” on page 247 


Migrating NetStorage to OES 2015 SP1 


The supported OES servers are referred as the source server and the OES 2015 SP1 server as the 
target server. 


Prerequisites 


Before proceeding to migrate, meet the following prerequisites: 


+ NetStorage is installed and configured on OES 2 SP3 32-bit machine. 
+ NetStorage is installed on target OES 2015 SP1 machine. 


For more information about installing and configuring NetStorage, see “Installing NetStorage” section 
in the OES 2015 SP1: NetStorage Administration Guide for Linux. 


What is Migrated 


The following data is migrated from the source server to the target server: 


+ Xtier registry settings and configurations 


Migration Procedure 


Source Server 


1 Backup the /var/opt/novell/netstorage/shared folder. 
2 Backup the /opt/novell/netstorage/webapp/WEB- INF/classes/Settings. properties file. 


3 At the terminal prompt use the following command to stop the xregd user: rcnovell-xregd 
stop 


4 Export the registry available at /var/opt/novell/xtier/xregd/db as an xml file using the 
following commands: 


/opt/novell/xtier/bin/regutil -e srcReg.xml 


Target Server 


1 Copy the /var/opt/novell/netstorage/shared folder in the same volume and directory 
structure. 


2 Copy the /opt/novell/netstorage/webapp/WEB-INF/classes/Settings. properties file in 
the same volume and directory structure. 
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3 Ensure that file permissions are retained. 


4 Copy srcReg.xml to any location. For example, /opt/novell/xtier/bin/regutil -i 


<location>/srcReg. xml, where <location> is the location of your choice. 


At the terminal prompt use the following command to stop the xregd user: rcnovell-xregd 
stop 


Navigate to /var/opt/novell/xtier/xregd/db/ and verify that the directory db is empty using 
the following command: 1s -1. If the directory is empty, continue to step 5. 


7 If any files exist in the db directory, move all the files to a temporary directory, say /tmp. 


10 


13 


14 
15 


Generate files inside the xtier registry using the following commands: 
8a To restore the source server registry: 
/opt/novell/xtier/bin/regutil -i srcReg.xml 


Navigate to /var/opt/novell/xtier/xregd/db/ and run the command 1s -1 /var/opt/ 
novell/xtier/xregd/db to ensure that the following files are generated: 


+ xtier_registry.db 
+ xtier_registry.lck 
+ xtier_registry.rfl 
Start the xregd user using the rcnovell-xregd start command. 
Navigate to the xtier registry using the following command /opt/novell/xtier/bin/regedit. 


At the regedit prompt, execute the cd local_machine command and 1s -1 command to view 
the contents inside the directory. If a directory named software is present in the local_machine 
directory, then the registry is rebuilt without any error. 


Similarly, enter the following commands in the sequence listed along with Is -I command to view 
the content in the respective directories: 


+ cd software 

+ cd Novell 

+ cd Xtier 

+ cd Configuration 


If the content exists in all the respective directories, then the Xtier registry is completely 
rebuilt. 


Enter exit. 


Restart the machine. 


Transfer ID - Same Tree 


In this scenario, the target server is installed in the same tree as the source server. On successful 
completion of Transfer ID, the target server functions with the same credentials (Such as IP address 
and host name) as the source server and source server node is no longer available in the network. 
For more information, see Chapter 11, “Using the Migration GUI Tool for Transfer ID,” on page 69 
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Post Migration 


After migrating NetStorage, 


+ Login to iManager and go through the NetStorage Task, the configurations should have been 
properly migrated. 


+ Access NetStorage from a browser http://<IP-ADDRESS>/NetStorage/ and should be able to 
login and access files and folders. 
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Migrating NTP to OES 2015 SP1 


Migration refers to the process of migrating Timesync services from a NetWare system to NTP ona 
Linux system. The OES Migration tool follows a source/target model. 


The following sections give more details on the migration procedure for Timesync. 


+ “Planning the Migration” on page 251 

¢ “Migration Scenarios” on page 251 

¢ “Migration Procedure” on page 251 

¢ “Post-Migration Procedure” on page 252 


Planning the Migration 


You can migrate the NTP services running on one of the following source platforms to the listed target 
platform: 
Source Servers 


+ NetWare 6.5 SP8 


Target Server 


+ OES 2015 SP1 


Migration Scenarios 


The following scenarios are supported for Timesync/NTP migration: 


+ Consolidation on the same tree 
¢ Consolidation on a different tree 
+ Transfer ID on the same tree 
For details on these three scenarios, see “Migration Scenarios” on page 16. 


Migration Procedure 


Migration of NTP configuration can be done from the Migration Tool or through the command line. 


The migration procedure reads the NetWare NTP/Timesync configuration file and maps its 
parameters to the equivalents in NTP Linux. During the migration process, the existing ntp.conf file 
is backed up and saved as ntp.conf.old in the /etc directory and the new parameters are saved in 
/etc/ntp.conf. If NTP is already configured on the target server while configuring eDirectory, this 
configuration is overwritten. 


+ “Using the Migration Tool to Migrate Servers” on page 252 
+ “Using the Command Line to Migrate Servers” on page 252 
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Using the Migration Tool to Migrate Servers 


1 Launch the Migration Tool in one of the following ways: 
Desktop: Click Computer > More Applications > System > Novell Migration Tools 
Terminal: Log in as the root user and at a terminal prompt, enter miggui 

2 Configure the source and target parameters. 


For details on configuring source and target server information, selecting a migration type, 
loading and saving a project, and all buttons, see Chapter 2, “Overview of the Migration GUI,” on 
page 21. 


3 Select Novell NTP from Services and click Configure. The status changes from Not Configured 
to Ready. 


4 Click Migrate to start the migration process. The status changes from Migrating to Migrated. 


NOTE: Use the Status > Logs tab to check for errors during migration. Fix the errors and restart 
the migration procedure if necessary. 


Using the Command Line to Migrate Servers 


To run the NTP migration utility through the command line, run the following command on the target 
server with the required parameters: 


migtime -s <source IP address> 
For example: 


migtime -s XXX.XXX.XXX.XXX 


Post-Migration Procedure 


Load the XNTPD daemon by entering the following command at the prompt: 


rentp restart 
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Migrating NCP to OES 2015 SP1 


This section describes how to migrate NCP environment to OES 2015 SP1. 


Before you proceed with the migration, review “Prerequisites” on page 253. In this section, the source 
server refers to a Supported OES server and the target server refers to an OES 2015 SP1 server. 

+ “Prerequisites” on page 253 

+ “What is Migrated” on page 253 


¢ “Migration Procedure” on page 253 


Prerequisites 


+ OES server is already installed and NCP is configured. For details, see OES 2015 SP1: NCP 
Server for Linux Administration Guide. 


+ NSS Pools and volumes are already migrated to the new OES 2015 SP1 server. Use the cluster 
migrate resource_name node_name command to migrate the cluster pools and volumes. For 
details, see “Using the Cluster Migrate Command” in the OES 2015 SP1: Novell Cluster 
Services for Linux Administration Guide. 


+ NCP (posix) volumes and non-cluster NSS volumes are already migrated to the new OES 2015 
SP1 server. This can be done by unmounting the corresponding file system from the source 
machine and mounting it on the target machine. 


What is Migrated 


+ Configuration files 


Migration Procedure 


1 Copy the following files from the OES 2 servers to OES 11 server 
+ /etc/opt/novell/ncpserv.conf 
+ /etc/opt/novell/ncp2nss.conf 
+ /etc/opt/novell/ncp/ncp2nss.audit.conf 
+ /etc/opt/novell/ncp/ncp2nss.log.conf 
¢ /etc/opt/novell/ncp/ncpserv.audit.conf 


+ /etc/opt/novell/ncp/ncpserv.log.conf 


IMPORTANT: The /etc/opt/novell/ncpserv.conf file contains the file server name in 
NCP_FILE_SERVER_NAME <server_name> format. If the source and target server names are 
different, ensure that you modify the parameter NCP_FILE_SERVER_NAME as 
NCP_FILE_SERVER_NAME <new_server_name> before proceeding to the next step. 
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2 After the files are copied restart ndsd daemon and ncp2nss daemon using the following 
commands on the target server: 


/etc/init.d/ncp2nss restart 


rendsd restart 
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Migrating OpenSLP to OES 2015 SP1 


This section describes how to migrate OpenSLP environment to OES 2015 SP1. 


Before you proceed with the migration, review “Prerequisites” on page 255. In this section, the source 
server refers to supported version of OES server and the target server refers to an OES 2015 SP1 
server. 


+ “What is Migrated” on page 255 

+ “Prerequisites” on page 255 

¢ “Migration Procedure” on page 255 
¢ “Verification” on page 256 


What is Migrated 


+ Configuration information 
+ Cache of service registrations 


Prerequisites 


Source Server 


Back up the /etc/slp.conf and /etc/slp.reg.d/slpd/DABackup files on the source SLP DA 
server, 


Target Server 


The target OES server need not be a SLP DA server. 


Migration Procedure 


1 Copy the following files from the source SLP server to the target server. 
+ /etc/slp.conf 
+ /etc/slp.reg.d/slpd/DABackup 


NOTE: The /etc/slp.reg.d/slpd/DABackup file will only be present in the source server if the 
net.slp.isDABackup parameter is set to true in the /etc/s1p.conf file. 
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2 The following steps are needed only if the IP address of the target server is different from the IP 
address of the source server. 


2a Ifthe SLP agent has been configured to listen on only selected interfaces in the /etc/ 
slp.conf file, then after copying the configuration file to the target server, in the 
net.slp.interfaces section include the IP address of the target system. 


2b If DHCP is used in the network to advertise SLP Agent addresses to clients, then the 
dhcpd.conf file must be updated with IP address of the new system. 


2c Ifthe SLP clients are configured to contact SLP agents through configuration files or by 
providing SLP Agent IP address in the Novell Client, then the changes should be manually 
updated on the clients. 


3 Stop the SLP service on the source SLP DA by executing the following command: 
rcstop slpd 
4 Reboot the target SLP server. 


Verification 


Check if the Clients are able to connect to services already registered before migration and whose 
service registration life time is still valid. 
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Migrating Proxy users to OES 2015 SP1 


This section describes how to migrate Proxy users to the OES 2015 SP1 server. 


Ensure to review “Prerequisites” on page 43, before proceeding with proxy migration. In this section, 
the source server refers to supported version of OES server and the target server refers to an OES 
2015 SP1 server. 


+ “What is Migrated” on page 257 
+ “Transfer ID Migration Procedure” on page 257 


What is Migrated 


+ The proxy users (common proxy and service proxy users) and their access rights. 


Transfer ID Migration Procedure 


¢ “Using Migration GUI for Proxy Migration” on page 257 

+ “Using the Migration Commands for Proxy Migration” on page 257 
+ “Troubleshooting” on page 261 

¢ “Enabling SSH” on page 262 


Using Migration GUI for Proxy Migration 


Beginning with OES 2015 or later, you can perform Common Proxy or Service Proxy migration using 
the Migration GUI tool. 


The Transfer ID GUI now supports migration of Common proxy and Service Proxy and there is no 
need to perform any additional manual steps. 


In the eDirectory Precheck step, the source server's proxy credentials are copied to the target server. 
In the Repair step, these proxy credentials are used to reconfigure the proxy user on the target 
server. 


Supported Scenarios: 


+ Source server and target server are both configured with Common Proxy. 


+ Source server and target server are both configured with Service Proxy 


Cross proxy migration (Service proxy to Common proxy or vice versa) or mixed proxy migration 
(service proxy + common proxy to target or vice versa) is not supported. 


Using the Migration Commands for Proxy Migration 


+ “Services that are Using Common Proxy” on page 258 


+ “Services that are Using Service Specific Proxy” on page 259 
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Services that are Using Common Proxy 


+ “Prerequisite” on page 258 
+ “Pre-Migration Procedure” on page 258 
+ “Proxy Migration” on page 258 


+ “Post-Migration Procedure” on page 259 
Prerequisite 
+ Ensure that the source server and target server is updated with the latest patches. 
+ Enable SSH on the source server. For more information, see “Enabling SSH” on page 262. 


Pre-Migration Procedure 


Before services are migrated to OES 2015 SP1 server, you must identify the services using common 
proxy and the common proxy credentials on the source server. 


1 On the source server, login as a root user. 


2 Retrieve the common proxy credentials on the source server by executing the following 
commands: 


/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username 


Displays common proxy DN. 


IMPORTANT: The dot format is not supported by the common proxy scripts. Ensure to use 
comma format for common proxy users and contexts. 


/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred password 


Displays common proxy password. 
Make a note of the common proxy credentials. 
3 Identify the services using common proxy on the source server by executing the following 
command: 
/opt/novell/proxymgmt/bin/retrieve_proxy_list.sh 


This command writes all the OES services and their proxy users to the file /var/opt/novell/ 
log/proxymgmt/pxylist.txt. Using the common proxy credentials that are identified in Step 2, 
determine the services using common proxy from the pxylist.txt file. 


IMPORTANT: Do not delete, modify, or rename the common proxy user from eDirectory. 


Proxy Migration 


Migrate all the services that are using common proxy to the target server. On successful migration 
proceed with the post-migration procedure. 
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Post-Migration Procedure 


After the services are migrated to OES 2015 SP1 server, you must update CASA on the target server 
with common proxy credentials and reconfigure the services using common proxy to use the updated 
credentials. 


1 


Update CASA on the target server with common proxy credentials retrieved in Step 2 on 
page 258. 


la On the target server, login as a root user. 


1b Run the following command: 


/opt/novell/proxymgmt/bin/cp_update_proxy_cred.sh 


You are prompted to enter common proxy user DN and password. Enter details that are 


retrieved in Step 2 on page 258. This updates CASA with common proxy credentials. 


2 Verify if common proxy credentials are updated properly by executing the following commands: 


/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred username 
Displays common proxy DN. 
/opt/novell/proxymgmt/bin/cp_retrieve_proxy_cred password 


Displays common proxy password. 
Reconfigure the services identified in Step 3 on page 258 to use updated common proxy 
credentials. 


/opt/novell/proxymgmt/bin/move_to_common_proxy.sh -d <Admin DN> -w <Admin 
Password> -i <Destination system IP> -p 636 -s <comma separated list of 
services> 


For example: 


/opt/novell/proxymgmt/bin/move_to_common_proxy.sh -d cn=admin, o=novell -w 
novell -i 192.168.1.254 -p 636 -s novell-afp,novell-cifs, novell-dns 


Services that are Using Service Specific Proxy 


Proxy migration reconfigures the services on the target server with the source server proxy 
credentials. The migrate_services_proxy.sh script retrieves the service specific proxy credentials 
from the source and reconfigures the services on the target server with the proxy credentials of the 

source server. 


The progress of proxy migration is recorded in the /var/opt/novell/log/proxymgmt/pxymgmt . log 


file. 


+ 
+ 
+ 


+ 


“Prerequisites” on page 259 
“Pre-Migration Procedure” on page 260 
“Proxy Migration Procedure” on page 260 


“Verifying Proxy Migration” on page 261 


Prerequisites 


+ 


Platform Support for the Target Server: 
+ OES 2015 SP1 
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¢ Platform Support for the Source Server: 
+ OES 2015 SP1 
+ OES 2015 
+ OES 11 SP2 
+ OES 2 SP3 Linux on 32-bit or 64-bit 
+ Ensure that the source and target servers are updated with the latest patches. 
+ Enable SSH on the source server. For more information, see “Enabling SSH” on page 262. 


+ For OES 2 SP2, see the TID 7010507 to download the binaries and to perform proxy migration. 


Pre-Migration Procedure 
Execute the following command and note the service proxy credentials of the source server. 
/opt/novell/proxymgmt/bin/migrate_services_proxy.sh -I "" -e <yes|no> 


The -I option ignores the common proxy services and the -e option encrypts the password. 


Proxy Migration Procedure 


1 Migrate the services to the target server. 


On successful migration of services for supported OES source servers, proceed to Step 4 for 
proxy migration. 


2 (Conditional) Proxy migration of DNS, DHCP and LUM services on OES 2 SP2 server - On the 
source server, create the folders to store the proxy credentials retrieval scripts (/opt/nove11/ 
proxymgmt/bin/) and log files (/var/opt/novell/log/proxymgmt/). To download the scripts, 
refer the TID 7010507. 


3 (Conditional) Proxy migration of NetStorage on OES 2 SP2 server - Do the following: 
3a On the target server, install NetStorage 
3b Using YaST, configure NetStorage. 


3c When prompted for proxy user credentials, specify the proxy user credentials of the source 
server. NetStorage stores these credentials. 


4 (Conditional) Proxy migration of services on supported OES source servers - On the target 
server, run the command as a root user to reconfigure the services with the source server proxy 
credentials. 


/opt/novell/proxymgmt/bin/migrate_services_proxy.sh -s <Source_server_IP> -d 
<LDAP Admin FDN) -w <LDAP_Server_Password> -i <LDAP_server_IP> -p <LDAP Port> 


For example: 
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/opt/novell/proxymgmt/bin/migrate_services_proxy.sh -s 192.168.1.1 -d 
cn=admin, o=novell -w xxxx -i 192.168.1.255 -p 636 


Option Description 


Mandatory Parameters: 


-S Specify the IP address of source server to copy the proxy credentials. 
-d Specify the LDAP Admin DN (comma format). 
-W Specify the LDAP Admin Password. Password is stored in encrypted format. 


-i Specify the LDAP server IP address. 
-p Specify the LDAP Port. Default secure port is 636. 
Optional Parameters: 


-e Specify the value to “yes” or “no”. Default value is “yes”. This ensures the 
credentials in the file are encrypted. 


-l Specify the value to “yes” or “no”. Default value is “yes”. This ignores the services 


using Common Proxy. 


On successful completion of proxy migration, the services on the target server will run with proxy 
credentials of the source server. 


Verifying Proxy Migration 


Verify if the services using service specific proxy on the target server are running with the proxy 
credentials of the source server. 


Execute the following command to display the service proxy credentials of the target server: 
/opt/novell/proxymgmt/bin/migrate_services_proxy.sh -I "" -e <yes|no> 


“I” this option ignores the common proxy services. You must pass an empty string (*”) with this 
option. 


“e” this option encrypts the service proxy credentials if “yes” parameter is passed. 


Verify the details with the service proxy credential noted in the “Pre-Migration Procedure” on 
page 260. 


Troubleshooting 


¢ “Service Specific Proxy Migration Fails” on page 261 


Service Specific Proxy Migration Fails 


Proxy users failed to migrate using the migrate_services_proxy.sh script. To resolve this issue, 
perform the following: 


1 Migrate the services to the target server. 
On successful migration of services, proceed to the next step. 


2 On the source server, login as a root user. 


Migrating Proxy users to OES 2015 SP1 261 


262 


3 (Conditional) If the source server is OES 2 SP2 and services are DNS, DHCP and LUM, create 


the folders to store the proxy credentials retrieval scripts (/opt/novell/proxymgmt/bin/) and 
log files (/var/opt/novell/log/proxymgmt/). To download the scripts, refer the TID 7010507. 


Copy the /opt/novell/proxymgmt/bin/services_get_proxy_cred.sh script from the target 
server to the source server in the /opt/novell/proxymgmt/bin/ folder. 


Retrieve the service specific proxy credentials on the source server by executing the following 
command: 


/opt/novell/proxymgmt/bin/services_get_proxy_cred.sh 


On successful execution, list of proxy user credentials are written to the /var/opt/novell/log/ 
proxymgmt/proxycred file on the source server. The proxycred file contains proxy user name 
in clear text format and password in encrypted format. 


The proxycred file stores the information in the following format: 
<servicename>=<proxydn>:<proxypass> 


Considering CIFS as an example: 
CIFSPROXY=cn=user123, ou=users, o=novell :<pwd> 


Copy the proxycred file to the target server by executing the following command: 


scp /var/opt/novell/log/proxymgmt/proxycred root@<Target Server IP>: scp /var/ 
opt/novell/log/proxymgmt/proxycred 


On the target server, run the command as a root user to reconfigure the services with source 
server proxy credentials 


/opt/novell/proxymgmt/bin/services_reconfig_proxy.sh -d <LDAP Admin DN> -w 
<LDAP Admin Password> -i <LDAP Server IP> -p <secure LDAP Port=636> 


The progress of proxy migration is recorded in the /var/opt/novell/log/proxymgmt/ 
pxymgmt . log file. 


On successful execution, services are reconfigured with the proxy credentials available in the / 
var/opt/novell/log/proxymgmt/proxycred file. 


(Optional) On completion of Proxy migration, we recommend you can delete the following files 
and folders to cleanup the source server. If the files are not deleted, they do not impact the 
working of the source server. 


+ services_get_proxy_cred.sh file 


¢ proxycred file 


Enabling SSH 


1 Enable SSH on the source server and the target server. 
2 Enter the + ssh-keygen -t rsa command on the target server. 
3 When you are prompted to enter the file in which to save the key (/root/.ssh/id_rsa), press 


Enter. 

The ssh keys are stored in the default location. 

When you are prompted to enter the passphrase (empty for no passphrase), press Enter. 

We recommend that you do not include the passphrase. 

Copy the key value (the output of the + ssh-keygen -t rsa command) to the source server. 
# scp ~/.ssh/id_rsa.pub root@<source-server>:/root/ 


where <source-server> is the IP address or the hostname of the source server. 
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6 Log in to the source server by using ssh. If the.ssh directory is not available, create the 
directory, then append the key value to the list of authenticated keys. 


cat id_rsa.pub >> /root/.ssh/authorized_keys 
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